Probabilistic Process Algebra
and Strategic Interleaving 


C.A. Middelburg


Abstract 


We first present a probabilistic version of ACP that rests on the 
principle that probabilistic choices are always resolved before choices 
involved in alternative composition and parallel composition are re- 
solved and then extend this probabilistic version of ACP with a form 
of interleaving in which parallel processes are interleaved according 
to what is known as a process-scheduling policy in the field of oper- 
ating systems. We use the term strategic interleaving for this more 
constrained form of interleaving. The extension covers probabilistic 
process-scheduling policies. 

Keywords: process algebra, probabilistic choice, parallel composi- 
tion, arbitrary interleaving, strategic interleaving. 


1 Introduction 


First of all, we present a probabilistic version of ACP [9, 13], called pACP
(probabilistic ACP). pACP is a minor variant of the subtheory of pACP$_\tau$ [4]
in which the operators for abstraction from some set of actions are lacking.
It is a minor variant of that subtheory because we take functions whose range
is the carrier of a signed cancellation meadow instead of a field as
probability measures, add probabilistic choice operators for the probabilities 0
and 1, and have an additional axiom because of the inclusion of these
operators. The probabilistic choice operators for the probabilities 0 and 1 cause
no problem because a meadow has a total multiplicative inverse operation
where the multiplicative inverse of zero is zero. Because of this property,
we could also improve the operational semantics of pACP. In particular, we
could reduce the number of rules for the operational semantics and replace
all negative premises by positive premises in the remaining rules.


We also extend pACP with a form of interleaving in which parallel pro- 
cesses are interleaved according to what is known as a process-scheduling 
policy in the field of operating systems (see e.g. [30, 31]). In [16], we have 
extended ACP with this more constrained form of interleaving. In that 
paper, we introduced the term strategic interleaving for this form of in- 
terleaving and the term interleaving strategy for process-scheduling policy. 
Unlike in the extension presented in [16], probabilistic interleaving strate- 
gies are covered in the extension presented in the current paper. More 
precisely, the latter extension assumes a generic interleaving strategy that 
can be instantiated with different specific interleaving strategies, including 
probabilistic ones. 


A main contribution of this paper to the area of probabilistic process
algebra is a semantics of pACP for which the axioms of pACP are sound
and complete. For pACP$_\tau$, such a semantics is not available. For pTCP$_\tau$, a
variant of pACP$_\tau$, an erroneous semantics is given in [23] (see Section 3.5
for details). This rules out the possibility to derive a semantics of pACP or
pACP$_\tau$ from this semantics of pTCP$_\tau$. Another contribution of this paper
is an extension of pACP with strategic interleaving that covers probabilistic
interleaving strategies. The work presented in [16] and this paper is the only
work on strategic interleaving in the setting of a general algebraic theory of
processes like ACP, CCS and CSP.


The motivation for elaborating upon the work on pACP$_\tau$ presented
in [4] is that it introduces a parallel composition operator characterized by 
remarkably simple and natural axioms — axioms that should be backed 
up by an appropriate semantics. The motivation for considering strategic 
interleaving in the setting of ACP originates from an important feature of 
many contemporary programming languages, namely multi-threading (see 
Section 4.1 for details). 

The rest of this paper is organized as follows. First, the theory of signed
cancellation meadows is briefly summarized (Section 2). Next, pACP and its
extension with guarded recursion, called pACP$_\mathrm{rec}$, is presented (Section 3).
After that, the extension of pACP$_\mathrm{rec}$ with strategic interleaving is presented
(Section 4). Finally, we make some concluding remarks (Section 5).


2 Signed Cancellation Meadows 


Later in this paper, we will take functions whose range is the carrier of a 
signed cancellation meadow as probability measures. Therefore, we briefly 
summarize the theory of signed cancellation meadows in this section. 

In [19], meadows are proposed as alternatives for fields with a purely 
equational axiomatization. Meadows are commutative rings with a multi- 
plicative identity element and a total multiplicative inverse operation where 
the multiplicative inverse of zero is zero. Fields whose multiplicative inverse 
operation is made total by imposing that the multiplicative inverse of zero 
is zero are called zero-totalized fields. All zero-totalized fields are meadows, 
but not conversely. 

Cancellation meadows are meadows that satisfy the cancellation axiom
$x \neq 0 \land x \cdot y = x \cdot z \Rightarrow y = z$. The cancellation meadows that satisfy
in addition the separation axiom $0 \neq 1$ are exactly the zero-totalized fields.

Signed cancellation meadows are introduced in [12]. They are cancellation
meadows expanded with a signum operation. The signum operation
makes it possible that the ordering relations $<$ and $\leq$ of ordered fields are
defined (see below).

The signature of signed cancellation meadows consists of the following 
constants and operators: 


• the additive identity constant 0;
• the multiplicative identity constant 1;
• the binary addition operator + ;
• the binary multiplication operator · ;
• the unary additive inverse operator − ;
• the unary multiplicative inverse operator $^{-1}$ ;
• the unary signum operator s.

Terms are built as usual. We use prefix notation, infix notation, and postfix
notation as usual. We also use the usual precedence convention. We introduce
subtraction and division as abbreviations: $t - t'$ abbreviates $t + (-t')$
and $t / t'$ abbreviates $t \cdot (t'^{-1})$.

Signed cancellation meadows are axiomatized by the equations in Ta- 
bles 1 and 2 and the above-mentioned cancellation axiom. 


Table 1: Axioms of a meadow 


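$(x + y) + z = x + (y + z)$      $(x \cdot y) \cdot z = x \cdot (y \cdot z)$      $(x^{-1})^{-1} = x$
$x + y = y + x$                  $x \cdot y = y \cdot x$                          $x \cdot (x \cdot x^{-1}) = x$
$x + 0 = x$                      $x \cdot 1 = x$
$x + (-x) = 0$                   $x \cdot (y + z) = x \cdot y + x \cdot z$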


Table 2: Additional axioms for the signum operator 


$s(x / x) = x / x$               $s(x^{-1}) = s(x)$
$s(1 - x / x) = 1 - x / x$       $s(x \cdot y) = s(x) \cdot s(y)$
$s(-1) = -1$                     $\left(1 - \frac{s(x) - s(y)}{s(x) - s(y)}\right) \cdot (s(x + y) - s(x)) = 0$


The ordering relations $<$ and $\leq$ of ordered fields are defined in signed
cancellation meadows as follows:

$x < y \Leftrightarrow s(y - x) = 1$,
$x \leq y \Leftrightarrow s(s(y - x) + 1) = 1$.

Since $s(s(y - x) + 1) \neq -1$, we have
$0 \leq x \leq 1 \Leftrightarrow s(s(x) + 1) \cdot s(s(1 - x) + 1) = 1$.
We will use this equivalence below to describe the set of probabilities.

In [18], Kolmogorov’s probability axioms for finitely additive probabil- 
ity spaces are rephrased for the case where probability measures are func- 
tions whose range is the carrier of a signed cancellation meadow. 


3  pACP with Guarded Recursion 


In this section, we introduce pACP (probabilistic Algebra of Communicating
Processes) and guarded recursion in the setting of pACP. The algebraic
theory pACP is a minor variant of the subtheory of pACP$_\tau$ [4] in which
the operators for abstraction from some set of actions are lacking. pACP
is a variant of that subtheory because: (a) the range of the functions that
are taken as probability measures is the carrier of a signed cancellation
meadow in pACP and the carrier of a field in pACP$_\tau$; (b) probabilistic choice
operators for the probabilities 0 and 1, together with an axiom concerning
these two operators, are found in pACP, but not in pACP$_\tau$. Moreover, a
semantics is available for pACP, but not really for pACP$_\tau$.²


3.1 pACP 


In pACP, it is assumed that a fixed but arbitrary set $A$ of actions, with
$\delta \notin A$, has been given. We write $A_\delta$ for $A \cup \{\delta\}$. Related to this, it is
assumed that a fixed but arbitrary commutative and associative communication
function $\gamma : A_\delta \times A_\delta \to A_\delta$, with $\gamma(\delta, a) = \delta$ for all $a \in A_\delta$, has been
given. The function $\gamma$ is regarded to give the result of synchronously
performing any two actions for which this is possible, and to give $\delta$ otherwise.

It is also assumed that a fixed but arbitrary signed cancellation meadow
$\mathfrak{M}$ has been given. We denote the interpretations of the constants and
operators of signed cancellation meadows in $\mathfrak{M}$ by the constants and operators
themselves. We write $\mathcal{P}$ for the set
$\{\pi \in \mathfrak{M} \mid s(s(\pi) + 1) \cdot s(s(1 - \pi) + 1) = 1\}$
of probabilities.
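The following Python sketch is an added example, not code from the paper. It takes the rationals with $0^{-1} = 0$ as the signed cancellation meadow (an assumption; the paper leaves the meadow arbitrary), checks the axioms of Tables 1 and 2 and the cancellation axiom on a constructed sample grid, and implements the signum-based orderings of Section 2 and the membership test for the set of probabilities defined above. All function names are hypothetical.

```python
from fractions import Fraction
from itertools import product

def inv(x):
    """Total multiplicative inverse of the zero-totalized field: 0^{-1} = 0."""
    return Fraction(0) if x == 0 else 1 / Fraction(x)

def div(x, y):
    """x / y abbreviates x * y^{-1}; consequently x / 0 = 0."""
    return x * inv(y)

def s(x):
    """Signum operation: -1, 0 or 1."""
    return Fraction((x > 0) - (x < 0))

def less(x, y):
    """x < y  <=>  s(y - x) = 1."""
    return s(y - x) == 1

def leq(x, y):
    """x <= y  <=>  s(s(y - x) + 1) = 1."""
    return s(s(y - x) + 1) == 1

def is_probability(p):
    """Membership in the set of probabilities: s(s(p)+1) * s(s(1-p)+1) = 1."""
    return s(s(p) + 1) * s(s(1 - p) + 1) == 1

# Axioms of a meadow (Table 1), of the signum operator (Table 2) and the
# cancellation axiom, each as a predicate over three meadow elements.
AXIOMS = {
    "(x+y)+z = x+(y+z)": lambda x, y, z: (x + y) + z == x + (y + z),
    "x+y = y+x": lambda x, y, z: x + y == y + x,
    "x+0 = x": lambda x, y, z: x + 0 == x,
    "x+(-x) = 0": lambda x, y, z: x + (-x) == 0,
    "(x.y).z = x.(y.z)": lambda x, y, z: (x * y) * z == x * (y * z),
    "x.y = y.x": lambda x, y, z: x * y == y * x,
    "x.1 = x": lambda x, y, z: x * 1 == x,
    "x.(y+z) = x.y+x.z": lambda x, y, z: x * (y + z) == x * y + x * z,
    "(x^-1)^-1 = x": lambda x, y, z: inv(inv(x)) == x,
    "x.(x.x^-1) = x": lambda x, y, z: x * (x * inv(x)) == x,
    "s(x/x) = x/x": lambda x, y, z: s(div(x, x)) == div(x, x),
    "s(1-x/x) = 1-x/x": lambda x, y, z: s(1 - div(x, x)) == 1 - div(x, x),
    "s(-1) = -1": lambda x, y, z: s(Fraction(-1)) == -1,
    "s(x^-1) = s(x)": lambda x, y, z: s(inv(x)) == s(x),
    "s(x.y) = s(x).s(y)": lambda x, y, z: s(x * y) == s(x) * s(y),
    "signum of sum": lambda x, y, z:
        (1 - div(s(x) - s(y), s(x) - s(y))) * (s(x + y) - s(x)) == 0,
    "cancellation": lambda x, y, z: x == 0 or x * y != x * z or y == z,
}

# Constructed sample grid of rationals, including 0 and values outside [0, 1].
SAMPLES = sorted({Fraction(n, d) for n in range(-3, 4) for d in (1, 2, 3)})

def failing_axioms(samples):
    """Names of the axioms that fail for some triple drawn from samples."""
    triples = list(product(samples, repeat=3))
    return sorted(name for name, holds in AXIOMS.items()
                  if not all(holds(x, y, z) for x, y, z in triples))

def orderings_agree(samples):
    """The signum-defined < and <= coincide with the usual order on Q."""
    return all(less(x, y) == (x < y) and leq(x, y) == (x <= y)
               for x, y in product(samples, repeat=2))

if __name__ == "__main__":
    print("failing axioms:", failing_axioms(SAMPLES))
    print("orderings agree:", orderings_agree(SAMPLES))
    print("probabilities in grid:", [str(p) for p in SAMPLES if is_probability(p)])
```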

The signature of pACP consists of the following constants and opera- 
tors: 


• for each $a \in A$, the action constant $a$;
• the inaction constant $\delta$;
• the binary alternative composition operator $+$ ;
• the binary sequential composition operator $\cdot$ ;
• for each $\pi \in \mathcal{P}$, the binary probabilistic choice operator $\sqcup_\pi$ ;
• the binary parallel composition operator $\parallel$ ;
• the binary left merge operator $\lfloor\!\lfloor$ ;
• the binary communication merge operator $\mid$ ;
• for each $H \subseteq A$, the unary encapsulation operator $\partial_H$ .


² Issues with the semantics of pACP$_\tau$ are discussed in Section 3.5.

We assume that there is a countably infinite set $\mathcal{X}$ of variables, which
contains $x$, $y$ and $z$, with and without subscripts. Terms are built as usual.
We use infix notation for the binary operators. The precedence conventions
used with respect to the operators of pACP are as follows: $+$ binds weaker
than all others, $\cdot$ binds stronger than all others, and the remaining operators
bind equally strong.

The constants and operators of pACP can be explained as follows: 


• the constant $a$ denotes the process that can only perform action $a$ and
after that terminate successfully;

• the constant $\delta$ denotes the process that cannot do anything;

• a closed term of the form $t + t'$ denotes the process that can behave
as the process denoted by $t$ or as the process denoted by $t'$, where the
choice between the two is resolved exactly when the first action of one
of them is performed;

• a closed term of the form $t \cdot t'$ denotes the process that can first behave
as the process denoted by $t$ and can next behave as the process denoted
by $t'$;

• a closed term of the form $t \sqcup_\pi t'$ denotes the process that will behave as
the process denoted by $t$ with probability $\pi$ and as the process denoted
by $t'$ with probability $1 - \pi$, where the choice between the two processes
is resolved before the first action of one of them is performed;

• a closed term of the form $t \parallel t'$ denotes the process that can behave
as the process that proceeds with the processes denoted by $t$ and $t'$ in
parallel;

• a closed term of the form $t \lfloor\!\lfloor t'$ denotes the process that can behave
the same as the process denoted by $t \parallel t'$, except that it starts with
performing an action of the process denoted by $t$;

• a closed term of the form $t \mid t'$ denotes the process that can behave
the same as the process denoted by $t \parallel t'$, except that it starts with
performing an action of the process denoted by $t$ and an action of the
process denoted by $t'$ synchronously;

• a closed term of the form $\partial_H(t)$ denotes the process that can behave
the same as the process denoted by $t$, except that actions from $H$ are
blocked.
Processes in parallel are considered to be arbitrarily interleaved. With that,
probabilistic choices are resolved before interleaving steps are enacted.

The operators $\lfloor\!\lfloor$ and $\mid$ are of an auxiliary nature. They are needed to
axiomatize pACP.


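The axioms of pACP are the equations given in Table 3. In these
equations, $a$ and $b$ stand for arbitrary constants of pACP (which include
the action constants and the inaction constant), $H$ stands for an arbitrary
subset of $A$, and $\pi$ and $\rho$ stand for arbitrary probabilities from $\mathcal{P}$. Moreover,
$\gamma(a,b)$ stands for the action constant for the action $\gamma(a,b)$. In D1 and D2,
side conditions restrict what $a$ and $H$ stand for.


Table 3: Axioms of pACP

A1     $x + y = y + x$
A2     $(x + y) + z = x + (y + z)$
A3'    $a + a = a$
A4     $(x + y) \cdot z = x \cdot z + y \cdot z$
A5     $(x \cdot y) \cdot z = x \cdot (y \cdot z)$
A6     $x + \delta = x$
A7     $\delta \cdot x = \delta$

D1     $\partial_H(a) = a$   if $a \notin H$
D2     $\partial_H(a) = \delta$   if $a \in H$
D3     $\partial_H(x + y) = \partial_H(x) + \partial_H(y)$
D4     $\partial_H(x \cdot y) = \partial_H(x) \cdot \partial_H(y)$

CM1'   $x = x + x \land y = y + y \Rightarrow x \parallel y = x \lfloor\!\lfloor y + y \lfloor\!\lfloor x + x \mid y$
CM2    $a \lfloor\!\lfloor x = a \cdot x$
CM3    $a \cdot x \lfloor\!\lfloor y = a \cdot (x \parallel y)$
CM4    $(x + y) \lfloor\!\lfloor z = x \lfloor\!\lfloor z + y \lfloor\!\lfloor z$
CM5    $a \cdot x \mid b = \gamma(a,b) \cdot x$
CM6    $a \mid b \cdot x = \gamma(a,b) \cdot x$
CM7    $a \cdot x \mid b \cdot y = \gamma(a,b) \cdot (x \parallel y)$
CM8    $(x + y) \mid z = x \mid z + y \mid z$
CM9    $x \mid (y + z) = x \mid y + x \mid z$
CM10   $\delta \mid x = \delta$
CM11   $x \mid \delta = \delta$
CM12   $a \mid b = \gamma(a,b)$
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
pA1    $x \sqcup_\pi y = y \sqcup_{1-\pi} x$
pA2    $(x \sqcup_\pi y) \sqcup_\rho z =$ € ttr-p (y ta-n)-» 2)
pA3    be denes
pA4    Ro merereee
pA5    $(x \sqcup_\pi y) + z = (x + z) \sqcup_\pi (y + z)$

pCM1   $(x \sqcup_\pi y) \parallel z = (x \parallel z) \sqcup_\pi (y \parallel z)$
pCM2   $x \parallel (y \sqcup_\pi z) = (x \parallel y) \sqcup_\pi (x \parallel z)$
pCM3   $(x \sqcup_\pi y) \lfloor\!\lfloor z = (x \lfloor\!\lfloor z) \sqcup_\pi (y \lfloor\!\lfloor z)$
pCM4   $x \lfloor\!\lfloor (y \sqcup_\pi z) = (x \lfloor\!\lfloor y) \sqcup_\pi (x \lfloor\!\lfloor z)$
pCM5   $(x \sqcup_\pi y) \mid z = (x \mid z) \sqcup_\pi (y \mid z)$
       tl Era) =(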

The equations in Table 3 above the dotted lines, with A3' replaced by
the equation $x + x = x$ and CM1' replaced by its consequent, constitute
an axiomatization of ACP. In presentations of ACP, $\gamma(a,b)$ is regularly
replaced by $a \mid b$ in CM5–CM7. By CM12, which is more often called CF,
these replacements give rise to an equivalent axiomatization. Moreover,
CM10 and CM11 are usually absent. These equations are not derivable from
the other axioms, but all their closed substitution instances are derivable
from the other axioms and they hold in all models that have been considered
for ACP in the literature.

With regard to axioms A3' and CM1', we remark that, for each closed
term $t$ of pACP, $t = t + t$ is derivable iff $t$ is not derivably equal to a term of
the form $t' \sqcup_\pi t''$ with $\pi \in \mathcal{P} \setminus \{0,1\}$. By the completeness result that will
be established in Section 3.4, this roughly means that $t = t + t$ is derivable
iff the process denoted by $t$ does not have to resolve a probabilistic choice
before it can perform its first action.

pACP has pA1, pA3–pA5, pCM1–pCM2, and pD in common with
pACP$_\tau$ as presented in [4]. Replacement of axiom pA2 of pACP by axiom
pA2 of pACP$_\tau$, that is $x \sqcup_\pi (y \sqcup_\rho z) =$ (# fe -.Y) get gpg Sy, gives rise
to an equivalent axiomatization. In [23], some pCM3–pCM6 are presented
as axioms of pTCP$_\tau$, a variant of pACP$_\tau$ in which the action constants have
been replaced by action prefixing operators and a constant for the process
that is only capable of terminating successfully. Therefore, axioms pCM3–pCM6
may be absent in [4] by mistake.

Axiom pA6 is new. Notice that $(x \sqcup_0 y) \sqcup_0 z = z$ and $x \sqcup_0 (y \sqcup_0 z) = z$
are derivable from pA1 and pA6. This is consistent with the instance of pA2
where $\pi = \rho = 0$ because in meadows $0/0 = 0$.

In the sequel, we will use the notation $\sum_{i=1}^{n} t_i$, where $n \geq 1$, for
right-nested alternative compositions. For each $n \in \mathbb{N}_1$, the term $\sum_{i=1}^{n} t_i$ is
defined by induction on $n$ as follows:³

$\sum_{i=1}^{1} t_i = t_1$ and $\sum_{i=1}^{n+1} t_i = t_1 + \sum_{i=1}^{n} t_{i+1}$.

In addition, we will use the convention that $\sum_{i=1}^{0} t_i = \delta$.

In the sequel, we will also use the notation $\bigsqcup_{i=1}^{n} [\pi_i]\, t_i$, where $n \geq 1$
and $\sum_{i=1}^{n} \pi_i = 1$, for right-nested probabilistic choices. For each $n \in \mathbb{N}_1$,
the term $\bigsqcup_{i=1}^{n} [\pi_i]\, t_i$ is defined by induction on $n$ as follows:


Halie=h and GE le =6 On Clee). 


The process denoted by $\bigsqcup_{i=1}^{n+1} [\pi_i]\, t_i$ will behave like the process denoted
by $t_1$ with probability $\pi_1$, ..., and like the process denoted by $t_{n+1}$ with
probability $\pi_{n+1}$.


³ We write $\mathbb{N}_1$ for the set $\{n \in \mathbb{N} \mid n \geq 1\}$ of positive natural numbers.
In the next definition, the following summand notation is used. Let $t$
and $t'$ be closed pACP terms. Then we write t <, t’ for the assertion that
$t \equiv t'$ or there exists a closed pACP term $t''$ such that $t + t'' = t'$ is derivable
from axioms A1 and A2 and we write t <, t’ for the assertion that $t \equiv t'$ or
there exists a closed pACP term $t''$ and a $\pi \in \mathcal{P} \setminus \{0,1\}$ such that $t \sqcup_\pi t'' = t'$
is derivable from axioms pA1 and pA2.⁴

Each closed pACP term is derivably equal to a proper basic term of
pACP. The set $B$ of proper basic terms of pACP is inductively defined,
simultaneously with auxiliary sets $B^0$, $B^1$, $B^2$, and $B^3$, by the following rules:

• $\delta \in B^0$;
• if $a \in A$, then $a \in B^1$;
• if $a \in A$ and $t \in B$, then $a \cdot t \in B^1$;
• if $t \in B^1$, then $t \in B^2$;
• if $t \in B^1$, $t' \in B^2$, and not t <, t’, then $t + t' \in B^2$;
• if $t \in B^2$, then $t \in B^3$;
• if $t \in B^2$, $t' \in B^3$, not t <, t’, and $\pi \in \mathcal{P} \setminus \{0,1\}$, then $t \sqcup_\pi t' \in B^3$;
• if $t \in B^0$, then $t \in B$;
• if $t \in B^3$, then $t \in B$.


Proposition 1 For each pACP term $t$, there exists a proper basic term $t'$
of pACP such that $t = t'$ is derivable from the axioms of pACP.


Proof: The proof is straightforward by induction on the structure of $t$.
The case where $t$ is of the form $\delta$ and the case where $t$ is of the form $a$ ($a \in A$)
are trivial. The case where $t$ is of the form $t_1 \cdot t_2$ follows immediately from
the induction hypothesis (applied to $t_1$ and $t_2$) and the claim that, for all
proper basic terms $t'_1$ and $t'_2$ of pACP, there exists a proper basic term $t'$
of pACP such that $t'_1 \cdot t'_2 = t'$ is derivable from the axioms of pACP. This
claim is straightforwardly proved by induction on the structure of $t'_1$. The
cases where $t$ is of the form $t_1 + t_2$, $t_1 \sqcup_\pi t_2$, $t_1 \lfloor\!\lfloor t_2$, $t_1 \mid t_2$ or $\partial_H(t_1)$ are
proved in the same vein as the case where $t$ is of the form $t_1 \cdot t_2$. In the
case that $t$ is of the form $t_1 \mid t_2$, each of the cases to be considered in the
inductive proof of the claim demands a (nested) proof by induction on the
structure of $t'_2$. The case that $t$ is of the form $t_1 \parallel t_2$ follows immediately
from the case that $t$ is of the form $t_1 \lfloor\!\lfloor t_2$ and the case that $t$ is of the form
$t_1 \mid t_2$.


⁴ We write $t \equiv t'$ to indicate that $t$ is syntactically equal to $t'$.


3.2. Guarded Recursion 


A closed pACP term denotes a process with a finite upper bound to the
number of actions that it can perform. Guarded recursion allows the
description of processes without a finite upper bound to the number of actions
that they can perform.

The current subsection applies to both pACP and its extension
pACP+pSI introduced in Section 4. Therefore, in the current subsection,
let PPA be pACP or pACP+pSI.

Let $t$ be a PPA term containing a variable $X$. Then an occurrence of $X$
in $t$ is guarded if $t$ has a subterm of the form $a \cdot t'$ where $a \in A$ and $t'$ is
a PPA term containing this occurrence of $X$. A PPA term $t$ is a guarded
PPA term if all occurrences of variables in $t$ are guarded.

A recursive specification over PPA is a set $\{X_i = t_i \mid i \in I\}$, where $I$
is a finite or countably infinite set, each $X_i$ is a variable from $\mathcal{X}$, each $t_i$ is
a PPA term in which only variables from $\{X_i \mid i \in I\}$ occur, and $X_i \neq X_j$
for all $i,j \in I$ with $i \neq j$. A recursive specification $\{X_i = t_i \mid i \in I\}$ over
PPA is a guarded recursive specification over PPA if each $t_i$ is rewritable to
a guarded PPA term using the axioms of PPA in either direction and the
equations in $\{X_j = t_j \mid j \in I \land i \neq j\}$ from left to right.
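The following Python sketch is an added example, not code from the paper. It implements the syntactic guardedness test for terms and a conservative test for recursive specifications that only unfolds the other recursion equations from left to right and never applies the axioms, so it can reject a specification that the definition above accepts (the last sample shows this for axiom A4). The tuple encoding of terms, the action set and all function names are assumptions made for illustration.

```python
from fractions import Fraction

ACTIONS = {"a", "b"}                      # constructed action set A

# Constructed term encoding: nested tuples tagged with the operator name.
def act(a): return ("act", a)             # action constant a
def var(x): return ("var", x)             # variable X
def seq(t, u): return ("seq", t, u)       # t . u
def alt(t, u): return ("alt", t, u)       # t + u
def pch(pi, t, u): return ("pch", pi, t, u)   # probabilistic choice with probability pi
def par(t, u): return ("par", t, u)       # t || u

def unguarded_vars(t, guarded=False):
    """Variables with at least one occurrence in t that is not guarded."""
    kind = t[0]
    if kind == "var":
        return set() if guarded else {t[1]}
    if kind == "seq":
        left, right = t[1], t[2]
        # An occurrence is guarded only below a subterm a . t' with a in A.
        prefix = left[0] == "act" and left[1] in ACTIONS
        return (unguarded_vars(left, guarded)
                | unguarded_vars(right, guarded or prefix))
    found = set()
    for sub in t[1:]:
        if isinstance(sub, tuple):         # skip action names and probabilities
            found |= unguarded_vars(sub, guarded)
    return found

def substitute(t, name, replacement):
    """Replace every occurrence of variable `name` in t by `replacement`."""
    if t[0] == "var":
        return replacement if t[1] == name else t
    return tuple(substitute(u, name, replacement) if isinstance(u, tuple) else u
                 for u in t)

def is_guarded_spec(spec):
    """Conservative check: unfold the other equations, never use the axioms."""
    for name, t in spec.items():
        for _ in range(len(spec)):
            bad = unguarded_vars(t)
            if not bad or name in bad:     # done, or stuck on the variable itself
                break
            for other in bad:
                t = substitute(t, other, spec[other])
        if unguarded_vars(t):
            return False
    return True

# Constructed sample specifications.
COIN = {"X": pch(Fraction(1, 2), seq(act("a"), var("X")), act("b"))}
MUTUAL = {"X": alt(var("Y"), act("a")), "Y": seq(act("b"), var("X"))}
LOOP = {"X": alt(var("X"), act("a"))}
NEEDS_A4 = {"X": seq(alt(act("a"), act("b")), var("X"))}
AFTER_A4 = {"X": alt(seq(act("a"), var("X")), seq(act("b"), var("X")))}
```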

We write $V(E)$, where $E$ is a guarded recursive specification, for the
set of all variables that occur in $E$. The equations occurring in a guarded
recursive specification are called recursion equations.

A solution of a guarded recursive specification $E$ in some model of PPA
is a set $\{P_X \mid X \in V(E)\}$ of elements of the carrier of that model such that
the equations of $E$ hold if, for all $X \in V(E)$, $X$ is assigned $P_X$. We are only
interested in models of PPA in which guarded recursive specifications have
unique solutions — such as the model presented in Section 3.3.

We extend PPA with guarded recursion by adding constants for solutions
of guarded recursive specifications over PPA and axioms concerning
these additional constants. For each guarded recursive specification $E$ over
PPA and each $X \in V(E)$, we add a constant standing for the unique solution
of $E$ for $X$ to the constants of PPA. The constant standing for the
unique solution of $E$ for $X$ is denoted by $\langle X|E \rangle$. We use the following
notation. Let $t$ be a PPA term and $E$ be a guarded recursive specification
over PPA. Then we write $\langle t|E \rangle$ for $t$ with, for all $X \in V(E)$, all occurrences
of $X$ in $t$ replaced by $\langle X|E \rangle$. We add the equation RDP and the conditional
equation RSP given in Table 4 to the axioms of PPA. In RDP and
RSP, $X$ stands for an arbitrary variable from $\mathcal{X}$, $t$ stands for an arbitrary
PPA term, and $E$ stands for an arbitrary guarded recursive specification
over PPA. Side conditions restrict what $X$, $t$ and $E$ stand for. We write
PPA$_\mathrm{rec}$ for the resulting theory.


Table 4: Axioms for guarded recursion

$\langle X|E \rangle = \langle t|E \rangle$   if $X = t \in E$   RDP
$E \Rightarrow X = \langle X|E \rangle$   if $X \in V(E)$   RSP

The equations $\langle X|E \rangle = \langle t|E \rangle$ for a fixed $E$ express that the constants
$\langle X|E \rangle$ make up a solution of $E$. The conditional equations
$E \Rightarrow X = \langle X|E \rangle$ express that this solution is the only one.

Because we have to deal with conditional equational formulas with
a countably infinite number of premises in PPA$_\mathrm{rec}$, it is understood that
infinitary conditional equational logic is used in deriving equations from the
axioms of PPA$_\mathrm{rec}$. A complete inference system for infinitary conditional
equational logic can be found in, for example, [33]. It is noteworthy that
in the case of infinitary conditional equational logic derivation trees may be
infinitely branching (but they may not have infinite branches).


3.3 Semantics of pACP with Guarded Recursion 


In this subsection, we present a structural operational semantics of pACP$_\mathrm{rec}$
and define a notion of bisimulation equivalence based on this semantics.

We start with the presentation of a structural operational semantics of
pACP$_\mathrm{rec}$. The following relations on closed pACP$_\mathrm{rec}$ terms are used:

• for each $a \in A$, a unary relation $\xrightarrow{a}\surd$;
• for each $a \in A$, a binary relation $\xrightarrow{a}$;
• for each $\pi \in \mathcal{P}$, a binary relation $\overset{\pi}{\mapsto}$.

We write $t \xrightarrow{a} \surd$ for the assertion that $t \in {\xrightarrow{a}\surd}$, $t \xrightarrow{a} t'$ for the assertion that
$(t,t') \in {\xrightarrow{a}}$, $t \overset{\pi}{\mapsto} t'$ for the assertion that $(t,t') \in {\overset{\pi}{\mapsto}}$, and $t \not\mapsto t'$ for the
assertion that, for all $\pi \in \mathcal{P} \setminus \{0\}$, not $(t,t') \in {\overset{\pi}{\mapsto}}$. These assertions can be
explained as follows:

• $t \xrightarrow{a} \surd$ indicates that $t$ can perform action $a$ and then terminate
successfully;
• $t \xrightarrow{a} t'$ indicates that $t$ can perform action $a$ and then behave as $t'$;
• $t \overset{\pi}{\mapsto} t'$ indicates that $t$ will behave as $t'$ with probability $\pi$;
• $t \not\mapsto t'$ indicates that $t$ will not behave as $t'$ with a probability greater
than zero.


The structural operational semantics of pACP$_\mathrm{rec}$ is described by the rules
given in Tables 5 and 6. The rules in Table 5 describe the relations $\xrightarrow{a}\surd$ and
the relations $\xrightarrow{a}$ and the rules in Table 6 describe the relations $\overset{\pi}{\mapsto}$. In these
tables, $a$ and $b$ stand for arbitrary actions from $A$, $\pi$, $\rho$, and $\rho'$ stand for
arbitrary probabilities from $\mathcal{P}$, $X$ stands for an arbitrary variable from $\mathcal{X}$, $t$
stands for an arbitrary pACP term, and $E$ stands for an arbitrary guarded
recursive specification over pACP.

We could have excluded the relation 23 and by that obviated the need 
for the last rule in Table 6. In that case, however, 11 additional rules 
concerning the relations +, all with negative premises, would be needed 
instead. 

Notice that, if $t$ is not derivably equal to a term whose outermost
operator is a probabilistic choice operator, then $t$ can only behave as itself
and consequently we have that $t \overset{1}{\mapsto} t$ and $t \overset{0}{\mapsto} t'$ for each term $t'$ other
than $t$.

The next two propositions express properties of the relations $\overset{\pi}{\mapsto}$.


Proposition 2 For all closed pACPyec terms t and t’, t4> t! only ift=t'. 


Proof: This is easy to prove by induction on the structure of t. 


Proposition 3 For all closed pACP$_\mathrm{rec}$ terms $t$ and $t'$, there exists a $\pi \in \mathcal{P}$
such that $t \overset{\pi}{\mapsto} t'$.


Proof: This is easy to prove by induction on the structure of t. 


We define a probability distribution function $P$ from the set of all pairs
of closed pACP$_\mathrm{rec}$ terms to $\mathcal{P}$ as follows:

$P(t,t') = \sum_{\pi \in I(t,t')} \pi$, where $I(t,t') = \{\pi \mid t \overset{\pi}{\mapsto} t'\}$.
Table 5: Rules for the operational semantics of pACP$_\mathrm{rec}$ (part 1)


a—/ 
cy, yey’ cea, y Sy zal, yes y! zeal, yy! 
gty Sv gty ov sty oa’ gty Sy’ 
xy za! 
reyy cy oal-y 
cy, yey cea, y Sy zal, yes y! ce al, yy! 
r|lyy a \ly > x tllya'|ly x || y > a || y 
ay, ys a Sy, yy! 
a oer why (a,b) eA 
y(a,b) (a,b), 
2 || yy ome ce 
xx’, a xx’, ay 
—— ~ (a,b) A aah = U 7(a,b) EA 
oa me | 
LOY za! 
tlly>y xlySea'lly 
a b a b ! 
ty, y ty, y—> 
ee ¥(a, 6) A ve y y(a,b) EA 
fy tly——4y 
a va b a 7 b / 
za’, y—> ce 
a) ~ 4(a,b) A sab, er Nae 
a ere zly——> 2’ |ly 
rSy ZH xa! dH 
—___ q, a 
On (2) Sy On (a) + On (x’) 
t|E) t|E) Sa’ 
MENS pee NEY ES gett ee 
(X|E) >v (X|E) > x 


This function can be explained as follows: P(t, t’) is the total probability 
that t will behave as t’. 

We write $P(t,T)$, where $t$ is a closed pACP$_\mathrm{rec}$ term and $T$ is a set of
closed pACP$_\mathrm{rec}$ terms, for $\sum_{t' \in T} P(t,t')$.

The well-definedness of P is a corollary of Proposition 3. 
Table 6: Rules for the operational semantics of pACP$_\mathrm{rec}$ (part 2)


arya ao) 

cea’, yy! res a! cesz,yoz 

gtye 2’ +y ceyrsa'-y att, y mpt(l-m)-e', 

ges ax’, ys y’ rsa’, ys y! zs a’, yes y! 

ellya'|y ally Sally  slyPa'ly’ 
rey a’ (t|E) > z pee oe 

On (x) H+ Oy (2’) (X|E) 2 7 

oe ee! gq! 

res a! 


Corollary 1 Let $t$ and $t'$ be closed pACP$_\mathrm{rec}$ terms. Then there exists a
unique $\pi \in \mathcal{P}$ such that $P(t,t') = \pi$.


Moreover, P is actually a probability distribution function. 


Proposition 4 Let $T$ be the set of all closed pACP$_\mathrm{rec}$ terms. Then, for all
closed pACP$_\mathrm{rec}$ terms $t$, $P(t,T) = 1$.


Proof: This is easy to prove by induction on the structure of t. 


It follows from Propositions 2 and 4 that the behaviour of t does not 
start with a probabilistic choice if t >’. This explains the premises x E> a! 
and y ee y’ in Table 5: they guarantee that probabilistic choices are always 
resolved before choices involved in alternative composition and parallel com- 
position are resolved. 

The relations used in an operational semantics are often called transition
relations. It is questionable whether the relations $\overset{\pi}{\mapsto}$ deserve this name.
Recall that $t \overset{\pi}{\mapsto} t'$ means that $t$ will behave as $t'$ with probability $\pi$. It is
rather far-fetched to suppose that a transition from $t$ to $t'$ has taken place
at the time that $t$ starts to behave as $t'$. The relations $\overset{\pi}{\mapsto}$ primarily
constitute a representation of the probability distribution function $P$ defined
above. This representation turns out to be a convenient one in the setting
of structural operational semantics.

In the next paragraph, we write $[t]_R$, where $t$ is a closed pACP$_\mathrm{rec}$ term
and $R$ is an equivalence relation on closed pACP$_\mathrm{rec}$ terms, for the equivalence
class of $t$ with respect to $R$.

A probabilistic bisimulation is an equivalence relation $R$ on closed
pACP$_\mathrm{rec}$ terms such that, for all closed pACP$_\mathrm{rec}$ terms $t_1, t_2$ with $R(t_1, t_2)$,
the following conditions hold:

• if $t_1 \xrightarrow{a} t'_1$ for some closed pACP$_\mathrm{rec}$ term $t'_1$ and $a \in A$, then there
exists a closed pACP$_\mathrm{rec}$ term $t'_2$ such that $t_2 \xrightarrow{a} t'_2$ and $R(t'_1, t'_2)$;
• if $t_1 \xrightarrow{a} \surd$ for some $a \in A$, then $t_2 \xrightarrow{a} \surd$;
• $P(t_1, [t]_R) = P(t_2, [t]_R)$ for all closed pACP$_\mathrm{rec}$ terms $t$.

Two closed pACP$_\mathrm{rec}$ terms $t_1, t_2$ are probabilistic bisimulation equivalent,
written $t_1 \mathrel{\underline{\leftrightarrow}} t_2$, if there exists a probabilistic bisimulation $R$ such that
$R(t_1, t_2)$. Let $R$ be a probabilistic bisimulation such that $R(t_1, t_2)$. Then
we say that $R$ is a probabilistic bisimulation witnessing $t_1 \mathrel{\underline{\leftrightarrow}} t_2$.
The next two propositions state some useful results about $\underline{\leftrightarrow}$.


Proposition 5 For all closed pACPyec. terms t, tt+t only if t psd. 


Proof: This follows immediately from the rules for the operational
semantics of pACP$_\mathrm{rec}$, using that, for all $\pi \in \mathcal{P}$, $\pi \cdot \pi = 1$ iff $\pi = 1$.


Proposition 6 $\underline{\leftrightarrow}$ is the maximal probabilistic bisimulation.


Proof: It follows from the definition of $\underline{\leftrightarrow}$ that it is sufficient to prove
that $\underline{\leftrightarrow}$ is a probabilistic bisimulation.

We start with proving that $\underline{\leftrightarrow}$ is an equivalence relation. The proofs of
reflexivity and symmetry are trivial. Proving transitivity amounts to showing
that the conditions from the definition of a probabilistic bisimulation
hold for the composition of two probabilistic bisimulations. The proofs that
the conditions concerning the relations $\xrightarrow{a}$ and $\xrightarrow{a}\surd$ hold are trivial. The
proof that the condition concerning the function $P$ holds is also easy using
the following easy-to-check property of $P$: if $I$ is an index set and, for each
$i \in I$, $T_i$ is a set of closed pACP$_\mathrm{rec}$ terms such that, for all $i,j \in I$ with
$i \neq j$, $T_i \cap T_j = \emptyset$, then $P(t, \bigcup_{i \in I} T_i) = \sum_{i \in I} P(t, T_i)$.

We also have to prove that the conditions from the definition of a
probabilistic bisimulation hold for $\underline{\leftrightarrow}$. The proofs that the conditions concerning
the relations $\xrightarrow{a}$ and $\xrightarrow{a}\surd$ hold are trivial. The proof that the condition
concerning the function $P$ holds is easy knowing the above-mentioned property
of $P$.
3.4 Soundness and Completeness Results


In this subsection, we present a soundness theorem for pACP$_\mathrm{rec}$ and a
completeness theorem for pACP.

We write $R^e$, where $R$ is a binary relation, for the equivalence closure
of $R$.

The following proposition will be used below in the proof of a soundness
theorem for pACP$_\mathrm{rec}$.


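Proposition 7 $\underline{\leftrightarrow}$ is a congruence with respect to the operators of
pACP$_\mathrm{rec}$.


Proof: In this proof, we write $R_1 \diamond R_2$, where $R_1$ and $R_2$ are probabilistic
bisimulations and $\diamond$ is a binary operator of pACP$_\mathrm{rec}$, for the equivalence
relation $\{(t_1 \diamond t_2, t'_1 \diamond t'_2) \mid R_1(t_1, t'_1) \land R_2(t_2, t'_2)\}$.

Let $t_1, t'_1, t_2, t'_2$ be closed pACP$_\mathrm{rec}$ terms such that $t_1 \mathrel{\underline{\leftrightarrow}} t'_1$ and $t_2 \mathrel{\underline{\leftrightarrow}} t'_2$,
and let $R_1$ and $R_2$ be probabilistic bisimulations witnessing $t_1 \mathrel{\underline{\leftrightarrow}} t'_1$ and
$t_2 \mathrel{\underline{\leftrightarrow}} t'_2$, respectively.

For each binary operator $\diamond$ of pACP$_\mathrm{rec}$, we construct an equivalence
relation $R_\diamond$ on closed pACP$_\mathrm{rec}$ terms as follows:

in the case that $\diamond$ is $\cdot$: $R_\diamond = ((R_1 \diamond R_2) \cup R_2)^e$ ;
in the case that $\diamond$ is $+$, $\sqcup_\pi$, or $\parallel$: $R_\diamond = ((R_1 \diamond R_2) \cup R_1 \cup R_2)^e$ ;
in the case that $\diamond$ is $\lfloor\!\lfloor$ or $\mid$: $R_\diamond = ((R_1 \diamond R_2) \cup (R_1 \parallel R_2) \cup R_1 \cup R_2)^e$

and for each encapsulation operator $\partial_H$, we construct an equivalence relation
$R_{\partial_H}$ on closed pACP$_\mathrm{rec}$ terms as follows:

$R_{\partial_H} = (\{(\partial_H(t_1), \partial_H(t'_1)) \mid R_1(t_1, t'_1)\} \cup R_1)^e$

For each operator $\diamond$ of pACP$_\mathrm{rec}$, we have to show that the conditions
from the definition of a probabilistic bisimulation hold for the constructed
relation $R_\diamond$.

The proofs that the conditions concerning the relations $\xrightarrow{a}$ and $\xrightarrow{a}\surd$
hold are easy. The proof that the condition concerning the function $P$
holds is straightforward using the property of $P$ mentioned in the proof of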
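Proposition 6 and the following easy-to-check properties of $P$:

$P(t \cdot t', T \cdot T') = 0$   if $t' \notin T'$,
$P(t \cdot t', T \cdot T') = P(t,T)$   if $t' \in T'$,
$P(t + t', T + T') = P(t,T) \cdot P(t',T')$,
$P(t \sqcup_\pi t', T) = \pi \cdot P(t,T) + (1 - \pi) \cdot P(t',T)$,
$P(t \parallel t', T \parallel T') = P(t,T) \cdot P(t',T')$,
$P(t \lfloor\!\lfloor t', T \lfloor\!\lfloor T') = P(t,T) \cdot P(t',T')$,
$P(t \mid t', T \mid T') = P(t,T) \cdot P(t',T')$,
$P(\partial_H(t), \partial_H(T)) = P(t,T)$,

where we write $T \diamond T'$, where $T$ and $T'$ are sets of closed pACP$_\mathrm{rec}$ terms
and $\diamond$ is a binary operator of pACP$_\mathrm{rec}$, for the set $\{t \diamond t' \mid t \in T \land t' \in T'\}$
and we write $\partial_H(T)$, where $T$ is a set of closed pACP$_\mathrm{rec}$ terms, for the set
$\{\partial_H(t) \mid t \in T\}$.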


pACP® is the variant of pACP with a different parallel composition 
operator that is presented in [2, 3].° A detailed proof of Proposition 7 is 
to a large extent a simplified version of the detailed proof of the fact that 
© is a congruence with respect to the operators of pACP* that is given 
in [3]. This is because of the fact that, except for the parallel composition 
operator, the structural operational semantics of pACP presented in this 
paper can essentially be obtained from the structural operational semantics 
of pACP* that is presented in [3] by removing unnecessary complexity. 

In [27], constraints have been proposed on the form of operational 
semantics rules which ensure that probabilistic bisimulation equivalence is 
a congruence. Both the reactive and generative models of probabilistic 
processes (see [32]) are covered in that paper. While pACPrec is based on 
the generative model, virtually all other work in this area covers the reactive 
model only. Unfortunately, the relations used for the structural operational 
semantics of pACPrec differ from the ones used in [27]. The chances are that 
the structural operational semantics of pACPrec can be adapted such that 
the results from that paper can be used to prove Proposition 7. However, 
it seems quite likely that such a proof requires much more effort than the 
proof sketched above. 

pACPrec is sound with respect to probabilistic bisimulation equivalence 
for equations between closed terms. 


⁵ pACP^+ is called $\mathrm{ACP}^{+}_{\pi}$ in [2]. 




Theorem 1 (Soundness) For all closed pACPrec terms $t$ and $t'$, $t = t'$ is 
derivable from the axioms of pACPrec only if $t \mathrel{\underline{\leftrightarrow}} t'$. 


Proof: Since $\underline{\leftrightarrow}$ is a congruence for pACPrec, we only need to verify the 
soundness of each axiom of pACPrec. 

For each equational axiom $e$ of pACPrec (all axioms of pACPrec except 
CM1’ and RSP are equational), we construct an equivalence relation $R_e$ on 
closed pACPrec terms as follows: 


$R_e = \{(t, t') \mid t = t' \text{ is a closed substitution instance of } e\}^{e}$. 


For axiom CM1’, we construct an equivalence relation $R'$ on closed pACPrec 
terms as follows: 


R= 
{(t,t') |t =U is a closed substitution instance of eAtH>tAt' Hs t’}e, 


where e is the consequent of CM1’. 

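For axiom RSP, we take an arbitrary instance 
$\{X_i = t_i \mid i \in I\} \Rightarrow X_j = \langle X_j \mid \{X_i = t_i \mid i \in I\} \rangle$ ($j \in I$) 
and construct an equivalence relation $R''$ on closed pACPrec terms as follows: 


$R'' = \{(\theta(X_j), \langle X_j \mid \{X_i = t_i \mid i \in I\} \rangle) \mid j \in I \wedge \theta \in \Theta \wedge \bigwedge_{i \in I} \theta(X_i) \mathrel{\underline{\leftrightarrow}} \theta(t_i)\}^{e}$, 


where $\Theta$ is the set of all functions from $\mathcal{X}$ to the set of all closed pACPrec 
terms and $\theta(t)$, where $\theta \in \Theta$ and $t$ is a pACPrec term, stands for $t$ with, for 
all $X \in \mathcal{X}$, all occurrences of $X$ replaced by $\theta(X)$. 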

For each equational axiom $e$ of pACPrec, we have to check whether 
the conditions from the definition of a probabilistic bisimulation hold for 
the constructed relation $R_e$. For axiom CM1’, we have to check whether 
the conditions from the definition of a probabilistic bisimulation hold for 
the constructed relation $R'$. That this is sufficient for the soundness of 
axiom CM1’ follows from Proposition 5. For the instances of axiom RSP, 
we have to check whether the conditions from the definition of a probabilistic 
bisimulation hold for the constructed relation $R''$. 

All these checks are straightforward, for the condition concerning the 
function P, using the following easy-to-check property of P: if $\beta$ is a 
bijection on $T$ and $P(t', t) = P(t'', \beta(t))$ for all $t \in T$, then 
$P(t', T) = P(t'', T)$. 


In versions of ACP where RSP follows from RDP and AIP (Approx- 
imation Induction Principle), soundness of RSP follows from soundness of 
RDP and AIP (see e.g. [9]). 

The following three lemmas will be used below in the proof of a com- 
pleteness theorem for pACP. For convenience, we introduce the notion of a 
rigid closed pACP term. 

A closed pACP term t is rigid if, for all probabilistic bisimulations R, 
R(t, t) only if the restriction of R to the set of all subterms of t is the identity 
relation on that set. 


Lemma 1 All proper basic terms t of pACP are rigid. 


Proof: This is easily proved by induction on the structure of t. 


Lemma 2 For all rigid closed pACP terms t and t', for all probabilistic 
bisimulations R with R(t,t’), the restriction of R to the set of all subterms 
of t is a bijection. 


Proof: Suppose there exist subterms $t_1$ and $t_2$ of $t$ and a subterm $t''$ of $t'$ 
such that $R(t_1, t'')$ and $R(t_2, t'')$. Because $R(t, t')$, $R^{-1}$ is a probabilistic 
bisimulation such that $R^{-1}(t', t)$ and $R^{-1} \circ R$ is a probabilistic bisimulation 
such that $R^{-1} \circ R(t, t)$. We also have that $R^{-1} \circ R(t_1, t_2)$. Because $t$ is rigid, 
it follows that $t_1 = t_2$. 


Lemma 3 For all proper basic terms $t$ and $t'$ of pACP, there exists a 
probabilistic bisimulation $R$ with $R(t, t')$ such that the restriction of $R$ to the set 
of all subterms of $t$ is a bijection only if $t = t'$ is derivable from axioms A1, 
A2, pA1, and pA2. 


Proof: This is straightforwardly proved by induction on the structure 
of t. 


Theorem 2 (Completeness) For all closed pACP terms $t$ and $t'$, $t \mathrel{\underline{\leftrightarrow}} t'$ 
only if $t = t'$ is derivable from the axioms of pACP. 


Proof: By Proposition 1 and Theorem 1, it is sufficient to prove the 
theorem for proper basic terms $t$ and $t'$ of pACP. Assume that $t \mathrel{\underline{\leftrightarrow}} t'$. 
Then, there exists a probabilistic bisimulation $R$ such that $R(t, t')$. By 
Lemma 1, $t$ and $t'$ are rigid. So, by Lemma 2, the restriction of $R$ to the set 
of all subterms of $t$ is a bijection. From this, by Lemma 3, it follows that 
$t = t'$ is derivable from axioms A1, A2, pA1, and pA2. 


3.5 Remarks Relating to the Semantics of pACPrec 


In this subsection, we make some remarks, relating to the operational 
semantics of pACPrec, that did not fit in very well at an earlier point. 

pACP is a minor variant of the subtheory of pACP_τ from [4] in which 
the operators for abstraction from some set of actions are lacking. Soundness 
and completeness results with respect to branching bisimulation equivalence 
of an unspecified operational semantics of pACP_τ are claimed in [4]. In 
principle, the operational semantics concerned should be derivable from the 
operational semantics of pTCP_τ given in [23].⁶ However, it turns out that a 
mistake has been made in the rules for the probabilistic choice operators that 
concern the relations $\stackrel{\pi}{\leadsto}$. The mistake concerned manifests only in closed 
terms of the form $t \sqcup_{1/2} t$. For example, if $t$ is not derivably equal to a term 
whose outermost operator is a probabilistic choice operator, then both the 
left-hand side and the right-hand side of $t \sqcup_{1/2} t$ give rise to 
$t \sqcup_{1/2} t \stackrel{1/2}{\leadsto} t$. 
Consequently, the total probability that $t \sqcup_{1/2} t$ behaves as $t$ is 1/2 instead 
of 1. This is counterintuitive and inconsistent with axiom pA3. 

A meadow has a total multiplicative inverse operation where the 
multiplicative inverse of zero is zero. This is why there is no reason to exclude 
the probabilistic choice operators $\sqcup_\pi$ for $\pi \in \{0,1\}$ if a meadow is used 
instead of a field. Because we have included these operators, we also have 
included relations $\stackrel{\pi}{\leadsto}$ for $\pi \in \{0,1\}$. As a bonus of the inclusion of these 
relations, we could achieve that for all pairs $(t, t')$ of closed pACPrec terms, 
there exists a $\pi \in \mathcal{P}$ such that $t \stackrel{\pi}{\leadsto} t'$. Due to this, we could at the same 
time reduce the number of rules for the operational semantics that concern 
the relations $\stackrel{\pi}{\leadsto}$, replace all negative premises by positive premises in rules 
for the operational semantics that concern the relations $\stackrel{\pi}{\leadsto}$ and $\xrightarrow{a}$, and 
correct the above-mentioned mistake in the rules for the probabilistic choice 
operators that concern the relations $\stackrel{\pi}{\leadsto}$. 

We already mentioned that a variant of pACP, called pACP^+, is 
presented in [2, 3]. pACP, just like pACP_τ from [4], differs from pACP^+ with 
respect to the parallel composition operator. Moreover, in [2, 3], the 
probability distribution function is defined directly instead of via the operational 
semantics. However, except for parallel composition and left merge, the 
probability distribution function corresponds to the probability distribution 
function P defined above. The direct definition of the probability 
distribution function removes the root of the above-mentioned mistake made in [23]. 


⁶ Recall that pTCP_τ is pACP_τ with the action constants replaced by action prefixing 
operators and a constant for the process that is only capable of terminating successfully. 


4 Probabilistic Strategic Interleaving 


In this section, we extend pACP with probabilistic strategic interleaving, 
i.e. interleaving according to some probabilistic interleaving strategy. In- 
terleaving strategies are known as process-scheduling policies in the field of 
operating systems. A well-known probabilistic process-scheduling policy is 
lottery scheduling [34]. In the presented extension of pACP, deterministic 
interleaving strategies are special cases of probabilistic interleaving 
strategies: they are the ones obtained by restriction to the trivial probabilities 0 
and 1. 


4.1 Motivation for Strategic Interleaving 


In this subsection, the motivation for taking strategic interleaving into con- 
sideration is given. 

The interest in strategic interleaving originates from an important 
feature of many contemporary programming languages, namely multi- 
threading. In algebraic theories of processes, such as ACP [9], CCS [28], and 
CSP [26], processes are discrete behaviours that proceed by doing steps in a 
sequential fashion. In these theories, parallel composition of two processes 
is usually interpreted as arbitrary interleaving of the steps of the processes 
concerned. Arbitrary interleaving turns out to be appropriate for many ap- 
plications and to facilitate formal algebraic reasoning. Multi-threading as 
found in programming languages such as Java [24] and C# [25], gives rise to 
parallel composition of processes. In the case of multi-threading, however, 
the steps of the processes concerned are interleaved according to what is 
known as a process-scheduling policy in the field of operating systems. 

Arbitrary interleaving and strategic interleaving are quite different. 
The following points illustrate this: (a) whether the interleaving of cer- 
tain processes leads to inactiveness depends on the interleaving strategy 
used; (b) sometimes inactiveness occurs with a particular interleaving strat- 
egy whereas arbitrary interleaving would not lead to inactiveness and vice 
versa. Nowadays, multi-threading is often used in the implementation of 
systems. Because of this, in many systems, for instance hardware/software 
systems, we have to do with parallel processes that may best be considered 
to be interleaved in an arbitrary way as well as parallel processes that may 
best be considered to be interleaved according to some interleaving strategy. 
Such applications potentially ask for a process algebra that supports both 
arbitrary interleaving and strategic interleaving. 
4.2 pACP with Probabilistic Strategic Interleaving 


In the extension of pACP with probabilistic strategic interleaving presented 
below, it is expected that an interleaving strategy uses the interleaving 
history in one way or another to make process-scheduling decisions. 

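The sets $H_n$ of interleaving histories for $n$ processes, for $n \in \mathbb{N}_1$, are the 
subsets of $(\mathbb{N}_1 \times \mathbb{N}_1)^{*}$ that are inductively defined by the following rules:⁷ 


• $\langle\,\rangle \in H_n$; 
• if $i \le n$, then $(i, n) \in H_n$; 
• if $h \frown (i, n) \in H_n$, $j \le n$, and $n - 1 \le m \le n + 1$, then $h \frown (i, n) \frown (j, m) \in H_m$. 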


The intuition concerning interleaving histories is as follows: if the kth pair 
of an interleaving history is (i,n), then the ith process got a turn in the 
kth interleaving step and after its turn there were n processes to be in- 
terleaved. The number of processes to be interleaved may increase due to 
process creation (introduced below) and decrease due to successful termi- 
nation of processes. 

The presented extension of pACP is called pACP+pSI (pACP with 
probabilistic Strategic Interleaving). It covers a generic probabilistic in- 
terleaving strategy that can be instantiated with different specific proba- 
bilistic interleaving strategies that can be represented in the way that is 
explained below. 

In pACP+pSI, it is assumed that the following has been given:⁸ 


• a fixed but arbitrary set $S$; 


• a fixed but arbitrary partial function $\sigma_n : H_n \times S \rightharpoonup (\{1,\ldots,n\} \to \mathcal{P})$ 
for each $n \in \mathbb{N}_1$; 


• a fixed but arbitrary total function $\vartheta_n : H_n \times S \times \{1,\ldots,n\} \times A \times \{0,1\} \to S$ 
for each $n \in \mathbb{N}_1$; 


• a fixed but arbitrary set $C \subset A$; 


where, for each $n \in \mathbb{N}_1$: 


• for each $h \in H_n$ and $s \in S$, $\sum_{i=1}^{n} \sigma_n(h, s)(i) = 1$; 


• for each $h \in H_n$, $s \in S$, $i \in \{1,\ldots,n\}$, and $a \in A \setminus C$, $\vartheta_n(h, s, i, a, 0) = s$; 


• for each $c \in C$, $\bar{c} \in A \setminus C$ and, for each $a, b \in A$, $\gamma(a, b) \ne c$, $\gamma(a, b) \ne \bar{c}$, 
$\gamma(a, c) = \delta$, and $\gamma(a, \bar{c}) = \delta$. 


⁷ The special sequence notation used in this paper is explained in an appendix. 
⁸ We write $f : A \rightharpoonup B$ to indicate that $f$ is a partial function from $A$ to $B$. 


The elements of $S$ are called control states, $\sigma_n$ is called an abstract scheduler 
(for $n$ processes), $\vartheta_n$ is called a control state transformer (for $n$ processes), 
and the elements of $C$ are called control actions. The intuition concerning 
$S$, $\sigma_n$, $\vartheta_n$, and $C$ is as follows: 


• the control states from $S$ encode data that are relevant to the 
interleaving strategy, but not derivable from the interleaving history; 


e ifo,(h, s) = 7, then the ith process gets the next turn after interleaving 
history h in control state s; 


• if $\sigma_n(h, s)$ is undefined, then no process gets the next turn after 
interleaving history $h$ in control state $s$; 


• if $\vartheta_n(h, s, i, a, 0) = s'$, then $s'$ is the control state that arises from 
the $i$th process doing $a$ after interleaving history $h$ in control state $s$ 
in the case that doing $a$ does not bring the $i$th process to successful 
termination; 


• if $\vartheta_n(h, s, i, a, 1) = s'$, then $s'$ is the control state that arises from the 
$i$th process doing $a$ after interleaving history $h$ in control state $s$ in 
the case that doing $a$ brings the $i$th process to successful termination; 


• if $a \in C$, then $a$ is an explicit means to bring about a control state 
change and $\bar{a}$ is left as a trace after $a$ has been dealt with. 


Thus, $S$, $(\sigma_n)_{n \in \mathbb{N}_1}$, $(\vartheta_n)_{n \in \mathbb{N}_1}$, and $C$ together represent an interleaving 
strategy. This way of representing an interleaving strategy is engrafted on [29]. 

Consider the case where $S$ is a singleton set, for each $n \in \mathbb{N}_1$, $\sigma_n$ is 
defined by 


$\sigma_n(\langle\,\rangle, s)(i) = 1$ if $i = 1$, 
$\sigma_n(\langle\,\rangle, s)(i) = 0$ if $i \ne 1$, 
$\sigma_n(h \frown (j, n), s)(i) = 1$ if $i = (j \bmod n) + 1$, 
$\sigma_n(h \frown (j, n), s)(i) = 0$ if $i \ne (j \bmod n) + 1$ 

and, for each $n \in \mathbb{N}_1$, $\vartheta_n$ is defined by 

$\vartheta_n(h, s, i, a, b) = s$. 


In this case, the interleaving strategy corresponds to the round-robin 
scheduling algorithm. This deterministic interleaving strategy is called 
cyclic interleaving in our work on interleaving strategies in the setting of 
thread algebra (see e.g. [15]). In the current setting, an interleaving strategy 
is deterministic if, for all $n \in \mathbb{N}_1$, for all $h \in H_n$, $s \in S$, and $i \in \{1,\ldots,n\}$, 
$\sigma_n(h, s)(i) \in \{0, 1\}$. In the case that $S$ and $\vartheta_n$ are as above, but $\sigma_n$ is 
defined by 


$\sigma_n(h, s)(i) = 1/n$, 


the interleaving strategy is a purely probabilistic one. The probability 
distribution used is a uniform distribution. 
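
The two instantiations above can be checked mechanically. The following Python sketch is an added example, not code from the paper: it decides membership of an interleaving history in H_n by following the three inductive rules, implements the cyclic and the uniform abstract scheduler with exact fractions, and verifies the sum-to-one and determinism conditions. All function names are chosen for this example, and the run assumes that no process terminates or is created.

```python
from fractions import Fraction

# A history is a tuple of pairs (i, n): process i got the turn and n processes
# remained to be interleaved afterwards. All names are chosen for this example.

def is_history(h, n):
    """Decide whether h is in H_n by following the three inductive rules."""
    if n < 1:
        return False
    if len(h) == 0:                      # rule 1: the empty history
        return True
    j, m = h[-1]
    if m != n or j < 1:
        return False
    if len(h) == 1:                      # rule 2: (i, n) with i <= n
        return j <= n
    _, p = h[-2]                         # rule 3: prefix in H_p, j <= p, p-1 <= m <= p+1
    return j <= p and p - 1 <= m <= p + 1 and is_history(h[:-1], p)

def sigma_cyclic(n, h, s):
    """Round-robin: process 1 first, then (j mod n) + 1 after a turn of process j."""
    nxt = 1 if not h else (h[-1][0] % n) + 1
    return {i: Fraction(1 if i == nxt else 0) for i in range(1, n + 1)}

def sigma_uniform(n, h, s):
    """Purely probabilistic strategy: every process gets the turn with probability 1/n."""
    return {i: Fraction(1, n) for i in range(1, n + 1)}

def theta_identity(n, h, s, i, a, b):
    """Control state transformer for a singleton S: the state never changes."""
    return s

def is_distribution(dist, n):
    """Condition on sigma_n: probabilities over {1,...,n} that sum to 1."""
    return (set(dist) == set(range(1, n + 1))
            and all(0 <= p <= 1 for p in dist.values())
            and sum(dist.values()) == 1)

def is_deterministic_at(dist):
    """A strategy is deterministic where it only assigns the probabilities 0 and 1."""
    return all(p in (0, 1) for p in dist.values())

def run_deterministic(sigma, n, steps, s=None):
    """Follow a deterministic strategy for `steps` turns of n non-terminating
    processes and return the resulting interleaving history."""
    h = ()
    for _ in range(steps):
        dist = sigma(n, h, s)
        if not (is_distribution(dist, n) and is_deterministic_at(dist)):
            raise ValueError("strategy is not deterministic at this history")
        (turn,) = [i for i, p in dist.items() if p == 1]
        h = h + ((turn, n),)
        if not is_history(h, n):
            raise ValueError("strategy produced an invalid history")
    return h

if __name__ == "__main__":
    print(run_deterministic(sigma_cyclic, 3, 5))
    print(sigma_uniform(4, (), None))
```
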

More advanced strategies can be obtained if the scheduling makes more 
advanced use of the interleaving history and the control state. The inter- 
leaving history may, for example, be used to factor the individual lifetimes of 
the processes to be interleaved or their creation hierarchy into the process- 
scheduling decision making. Individual properties of the processes to be 
interleaved that depend on actions performed by them can be taken into 
account by making use of the control state. The control state may, for exam- 
ple, be used to factor whether a process is currently waiting to acquire a lock 
from a process that manages a shared resource into the process-scheduling 
decision making. An example of a probabilistic interleaving strategy sup- 
porting mutual exclusion of critical subprocesses is given in Section 4.5. 

In pACP+pSI, it is also assumed that a fixed but arbitrary set $D$ of 
data and a fixed but arbitrary function $\phi : D \to P$, where $P$ is the set of 
all closed terms over the signature of pACP+pSI (given below), have been 
given and that, for each $d \in D$ and $a, b \in A$, $\mathrm{cr}(d), \overline{\mathrm{cr}}(d) \in A$, $\gamma(\mathrm{cr}(d), a) = \delta$, 
and $\gamma(a, b) \ne \mathrm{cr}(d)$. The action $\mathrm{cr}(d)$ can be considered a process creation 
request and the action $\overline{\mathrm{cr}}(d)$ can be considered a process creation act. They 
represent the request to start the process denoted by $\phi(d)$ in parallel with 
the requesting process and the act of carrying out that request, respectively. 

The signature of pACP+pSI consists of the constants and operators 
from the signature of pACP and in addition the following operators: 


• for each $n \in \mathbb{N}_1$, $h \in H_n$, and $s \in S$, the $n$-ary strategic interleaving 
operator $\parallel^{n}_{h,s}$; 
• for each $n, i \in \mathbb{N}_1$ with $i \le n$, $h \in H_n$, and $s \in S$, the $n$-ary positional 
strategic interleaving operator $\lfloor\!\lfloor^{\,n,i}_{h,s}$. 


The strategic interleaving operators can be explained as follows: 


• a closed term of the form $\parallel^{n}_{h,s}(t_1, \ldots, t_n)$ denotes the process that 
results from interleaving of the $n$ processes denoted by $t_1, \ldots, t_n$ after 
interleaving history $h$ in control state $s$, according to the interleaving 
strategy represented by $S$, $(\sigma_n)_{n \in \mathbb{N}_1}$, and $(\vartheta_n)_{n \in \mathbb{N}_1}$. 


The positional strategic interleaving operators are auxiliary operators used 
to axiomatize the strategic interleaving operators. The role of the positional 
strategic interleaving operators in the axiomatization is similar to the role 
of the left merge operator found in pACP. 

The axioms of pACP+pSI are the axioms of pACP and in addition the 
equations given in Table 7. In the additional equations, $n$ and $i$ stand for 


Table 7: Axioms for strategic interleaving 
M=% +VHA...A%1 =@nt+2n > 
ln, s(@1,...,%n) = 6 if on(h, 8) is undefined SIO’ 
pH TAN A eH Bat oS 
In,s(@15---5%n) = Ty [on(h, 8)(0)] Le (v1,...,;%n) if on(h, s) is defined SI1’ 


Nat sans $s yO Ra as eg =O SI2 
In(@) =a SI3 
os wag Ci1; @ Pray Cap) = 

a: le(,n),0n4(h,3,i,0,1) (21; sae pa wets vig Baad) SI4 
ile L1,---,Li-1,@* Lj, Ligi,---;Ln) = 

a: le Gn),9n (hys,4,0,0) (£15 s+ y Di-1, Lj, Lit1,---) Ln) SI5 
ile’aas Cio 5 Pin Er); Lay a5 Va) = 

F(A) - [EAG,n),0n (h,s,i,er(d) 1) (L1, +++ Li-1, Vi-1, +--+, Ln, O(d)) SI6 
ill X1,---,2i-1, r(d) + 24, 2i41,---,2n) = 

or(d) - IA rasecanstt aces capes w+ + jDi-1, Uj, Vit 1,---) Ln; O(d)) SI7 
dle D1,+--,Li-1, U, + @Y, Lig, ---, En) = 

Ae, we 2 Di-1, Ue, Vig d,---,)0n) + eaeerr vei Diy Gy CEs 22a) SI8 
WR o(1,---, 2-1, 0; He 0f, 2i41,---,;2n) = 

Wis Bay nie) Cisi We Dep rye cepa) Hore hg ig eh Pay By Cab igs ea) pSIl 
ies @, vey Di-1, Ly Hey OY, i41,---, Fn) = 


PAG oe SOE peeking ay) thy MC oeeeeee me erer een e oi) psI2 
arbitrary numbers from $\mathbb{N}_1$, $h$ stands for an arbitrary interleaving history 
from $H$, $s$ stands for an arbitrary control state from $S$, $a$ stands for an 
arbitrary action constant that is not of the form $\mathrm{cr}(d)$ or $\overline{\mathrm{cr}}(d)$, and $d$ stands 
for an arbitrary datum from $D$. 

The equations in Table 7 above the dotted line are similar to the axioms 
for strategic interleaving presented in [16] for the deterministic case. The 
difference between SI1 from that paper and the consequent of SI1’ is 
unavoidable because probabilistic interleaving strategies are not covered there. 
The other differences are due to the finding that the generic interleaving 
strategy from [16] cannot be instantiated with: (a) interleaving strategies 
where the data relevant to the process-scheduling decision making may be 
such that none of the processes concerned can be given a turn, (b) inter- 
leaving strategies where the data relevant to the process-scheduling decision 
making must be updated on successful termination of one of the processes 
concerned, and (c) interleaving strategies where the process-scheduling de- 
cision making may be adjusted by steps of the processes concerned that 
are solely intended to change the data relevant to the process-scheduling 
decision making. 

Axiom SI2 expresses that, in the event of inactiveness of the process 
whose turn it is, the whole becomes inactive immediately. A plausible 
alternative is that, in the event of inactiveness of the process whose turn it is, the 
whole becomes inactive only after all other processes have terminated or 
become inactive. In that case, the functions 
$\vartheta_n : H \times S \times \{1,\ldots,n\} \times A \times \{0,1\} \to S$ 
must be extended to functions 
$\vartheta_n : H \times S \times \{1,\ldots,n\} \times (A \cup \{\delta\}) \times \{0,1\} \to S$ 
and axiom SI2 must be replaced by the axioms in Table 8. 


Table 8: Alternative axioms for SI2 


IL (6) = 6 SI2a 
ee ey cong Bod, }, es eee Ln41) — 
e~C,n) Pn 41 (h,8,4,6,0) (21 vee Vi-1,Vi41,---, Ln+1) -6 SI2b 


In (pACP+pSI)rec, i.e. pACP+pSI extended with guarded recursion in the 
way described in Section 3.2, the processes that can be created are 
restricted to the ones denotable by a closed pACP+pSI term. This restriction 
stems from the requirement that $\phi$ is a function from $D$ to the set of all 
closed pACP+pSI terms. The restriction can be removed by relaxing this 
requirement to the requirement that $\phi$ is a function from $D$ to the set of 
all closed (pACP+pSI)rec terms. We write (pACP+pSI)^+_rec for the theory 
resulting from this relaxation. In other words, (pACP+pSI)^+_rec differs from 
(pACP+pSI)rec in that it is assumed that a fixed but arbitrary function 
$\phi : D \to P$, where $P$ is the set of all closed terms over the signature of 
(pACP+pSI)rec, has been given. 


4.3 Semantics of pACP+pSI with Guarded Recursion 


In this subsection, we present a structural operational semantics of 
pACP+pSI with guarded recursion. 

The structural operational semantics of (pACP+pSI)^+_rec is described by 
the rules for the operational semantics of pACPrec (given in Tables 5 and 6) 
and in addition the rules given in Table 9. In the additional rules, $n$ and $i$ 


Table 9: Additional rules for the operational semantics of (pACP+pSI)^+_rec 


roy 
a 
1 / 1 7 a 1 / 1 / 
ntl, a n 
dlays (x1, tee iiperd) =o Wien) nea (hys,i,a,1) (E19 10+) Uj—-1,Vi41,--- pened) 
Len ped lou aay died L nosh 
Ly br Ly, «++, LVi-p 7 Vy_ 4, Vi WX, Vig. Gay, ---, Inter Ly, 
Nyt a n a 
Jha’ (@1, ..+;2n) i Gn) On (hy8yi,0,0) (Giga ibe yO agency En) 
ee : ce, __er(d) ; ! de ap 
T1-> 24, oeey Li-1 > U4 XG — Vv; Ti41 > Lay, sey In Ly 
nyt ed), in 
h (1, , En) | AO(i,n),On(h,s,t,cr(d),1) (x1, 005 Ti—-1,2it-1;+++) Un, o(d)) 
loos los er(d). oy loos Lee at 
Lr Ly, ---, Vi-1 b> L3_14, Vi — F;, Tit. > L441, teey In > Ly 
nyt r(d) n+l / 
h ACan plea) | hO(in+1),0n (h,s,i,cr(d),0) (x1, vee Di-1, Uj, Vi41,--+-, Un, o(d)) 
Tv Tn 
Lye? eh, ..., Bea, ; 
: On(h, 8) is defined 
a _on(h,s)(4)-T1.- Tn nyo ! 
Iliis(@1, , Xn) k > | Raleiearsey, |) 
T1 / Tn i 
Qs ey Dy ee 
nyt Ty. Tn ep ! 
Shn?s (21, +++, 2n) Wheaties) 


stand for arbitrary numbers from $\mathbb{N}_1$, $h$ stands for an arbitrary interleaving 
history from $H$, $s$ stands for an arbitrary control state from $S$, $a$ stands 
for an arbitrary action from $A$ that is not of the form $\mathrm{cr}(d)$ or $\overline{\mathrm{cr}}(d)$, $d$ 
stands for an arbitrary datum from $D$, and $\pi_1, \ldots, \pi_n$ stand for arbitrary 
probabilities from $\mathcal{P}$. 

Proposition 8 $\underline{\leftrightarrow}$ is a congruence w.r.t. the operators of (pACP+pSI)^+_rec. 


Proof: The proof goes along the same line as the proof of Proposition 7. 


(pACP+pSI)^+_rec is sound with respect to probabilistic bisimulation 
equivalence for equations between closed terms. 


Theorem 3 (Soundness) For all closed (pACP+pSI)^+_rec terms $t$ and $t'$, 
$t = t'$ is derivable from the axioms of (pACP+pSI)^+_rec only if $t \mathrel{\underline{\leftrightarrow}} t'$. 


Proof: The proof goes along the same line as the proof of Theorem 1. 


4.4 Reduction of Guarded Recursive Specifications over pACP+pSI 


In this subsection, we show that each guarded recursive specification over 
pACP+pSI can be reduced to a guarded recursive specification over pACP. 
We make use of the fact that each guarded pACP+pSI term has a head 
normal form. 

Let $T$ be pACP+pSI or (pACP+pSI)rec. The set HNF of head normal 
forms of $T$ is inductively defined by the following rules: 


• $\delta \in \mathrm{HNF}$; 


• if $a \in A$, then $a \in \mathrm{HNF}$; 


• if $a \in A$ and $t$ is a $T$ term, then $a \cdot t \in \mathrm{HNF}$; 


• if $t, t' \in \mathrm{HNF}$, then $t + t' \in \mathrm{HNF}$; 


• if $t, t' \in \mathrm{HNF}$ and $\pi \in \mathcal{P}$, then $t \sqcup_\pi t' \in \mathrm{HNF}$. 


Each head normal form of $T$ is derivably equal to a head normal form of 
the form $\bigsqcup_{i=1}^{n} [\pi_i]\, s_i$, where $n \in \mathbb{N}_1$ and, for each $i \in \mathbb{N}_1$ with $i \le n$, $s_i$ is 
of the form $\sum_{j=1}^{n_i} a_{ij} \cdot t_{ij} + \sum_{k=1}^{m_i} b_{ik}$, where $n_i, m_i \in \mathbb{N}_1$ and, for all $j \in \mathbb{N}_1$ 
with $j \le n_i$, $a_{ij} \in A$ and $t_{ij}$ is a $T$ term, and, for all $k \in \mathbb{N}_1$ with $k \le m_i$, 
$b_{ik} \in A$. 

Each guarded (pACP+pSI)rec term is derivably equal to a head normal 
form of (pACP+pSI)rec. 


Proposition 9 For each guarded (pACP+pSI)rec term $t$, there exists a head 
normal form $t'$ of (pACP+pSI)rec such that $t = t'$ is derivable from the 
axioms of (pACP+pSI)rec. 


Proof: First we prove the following weaker result about head normal 
forms: 


For each guarded pACP+pSI term $t$, there exists a head normal 
form $t'$ of pACP+pSI such that $t = t'$ is derivable from the 
axioms of pACP+pSI. 


The proof is straightforward by induction on the structure of $t$. The case 
where $t$ is of the form $\delta$ and the case where $t$ is of the form $a$ ($a \in A$) are 
trivial. The case where $t$ is of the form $t_1 \cdot t_2$ follows immediately from 
the induction hypothesis (applied to $t_1$) and the claim that, for all head 
normal forms $t_1'$ and $t_2'$ of pACP+pSI, there exists a head normal form $t'$ of 
pACP+pSI such that $t_1' \cdot t_2' = t'$ is derivable from the axioms of pACP+pSI. 
This claim is easily proved by induction on the structure of $t_1'$. The cases 
where $t$ is of the form $t_1 + t_2$ or $t_1 \sqcup_\pi t_2$ follow immediately from the induction 
hypothesis. The cases where $t$ is of one of the forms $t_1 \lfloor\!\lfloor t_2$, $t_1 \mid t_2$ or $\partial_H(t_1)$ 
are proved in the same vein as the case where $t$ is of the form $t_1 \cdot t_2$. In the 
case that $t$ is of the form $t_1 \mid t_2$, each of the cases to be considered in the 
inductive proof of the claim demands a (nested) proof by induction on the 
structure of $t_2'$. The case that $t$ is of the form $t_1 \parallel t_2$ follows immediately 
from the case that $t$ is of the form $t_1 \lfloor\!\lfloor t_2$ and the case that $t$ is of the form 
$t_1 \mid t_2$. The case where $t$ is of the form $\lfloor\!\lfloor^{\,n,i}_{h,s}(t_1, \ldots, t_n)$ is proved in the same 
vein as the case where $t$ is of the form $t_1 \cdot t_2$, but the claim is of course 
proved by induction on the structure of $t_i'$ instead of $t_1'$. The case that $t$ 
is of the form $\parallel^{n}_{h,s}(t_1, \ldots, t_n)$ follows immediately from the case that $t$ is of 
the form $\lfloor\!\lfloor^{\,n,i}_{h,s}(t_1, \ldots, t_n)$. Because $t$ is a guarded pACP+pSI term, the case 
where $t$ is a variable cannot occur. 


The proof of the proposition itself is also straightforward by induction 
on the structure of $t$. The cases other than the case where $t$ is of the form 
$\langle X|E \rangle$ are proved in the same way as in the above proof of the weaker result. 
The case where $t$ is of the form $\langle X|E \rangle$ follows immediately from the weaker 
result and RDP. 


The following theorem refers to three process algebras. It is implicit 
that the same set $A$ of actions and the same communication function $\gamma$ are 
assumed in the process algebras referred to. 

Each guarded recursive specification over pACP+pSI can be reduced 
to a guarded recursive specification over pACP. 


Theorem 4 (Reduction) For each guarded recursive specification $E$ over 
pACP+pSI and each $X \in V(E)$, there exists a guarded recursive 
specification $E'$ over pACP such that $\langle X|E \rangle = \langle X|E' \rangle$ is derivable from the axioms 
of (pACP+pSI)rec. 


Proof: We start with devising an algorithm to construct the guarded 
recursive specification $E'$. The algorithm keeps a set $V$ of recursion equations 
from $E'$ that are already found and a sequence $W$ of equations of the form 
$X_k = \langle t_k|E \rangle$ that still have to be transformed. The algorithm has a finite 
or countably infinite number of stages. In each stage, $V$ and $W$ are finite. 
Initially, $V$ is empty and $W$ contains only the equation $X_0 = \langle X|E \rangle$. 

In each stage, we remove the first equation from $W$. Assume that 
this equation is $X_k = \langle t_k|E \rangle$. We bring the term $\langle t_k|E \rangle$ into head normal 
form. If $t_k$ is not a guarded term, then we use RDP here to turn $t_k$ into 
a guarded term first. Thus, by Proposition 9, we can always bring $\langle t_k|E \rangle$ 
into head normal form. Assume that the resulting head normal form is 
iat [ri] OF 21 aig yy + OR) Oink). Then, we add the equation X;, = 
hia (i) O51 9 Xperts nytg + eat bik), where the Xo ny) 4j 
are fresh variables, to the set V. Moreover, for each i and 7 such that 
1<i<nandil <j < nj, we add the equation Xa (Si ny) ti 
to the end of the sequence W. Notice that the terms tj are of the form 
(ter(Si,_, ny) tgl=)- 

Because $V$ grows monotonically, there exists a limit. That limit is 
the finite or countably infinite guarded recursive specification $E'$. Every 
equation that is added to the finite sequence $W$ is also removed from it. 
Therefore, the right-hand side of each equation from $E'$ only contains 
variables that also occur as the left-hand side of an equation from $E'$. 

Now, we want to use RSP to show that $\langle X|E \rangle = \langle X|E' \rangle$ is 
derivable from the axioms of (pACP+pSI)rec. The variables occurring in $E'$ are 
$X_0, X_1, X_2, \ldots$. For each $k$, the variable $X_k$ has been exactly once in $W$ as 
the left-hand side of an equation. For each $k$, assume that this equation is 
$X_k = \langle t_k|E \rangle$. To use RSP, we have to show for each $k$ that the equation 
Xp = Hea lm] CFL ay Xperts, ny +5 + op, bik), with, for each J, 
all occurrences of $X_l$ replaced by $\langle t_l|E \rangle$, is derivable from the axioms of 
(pACP+pSI)rec. For each $k$, this follows from the construction. 


ees A 
= t, 


Theorem 4 would not hold if guarded recursive specifications were 
restricted to finite sets of recursion equations. 

Let $t$ be a closed pACP term or a closed pACP+pSI term, and let 
$X \in \mathcal{X}$. Then $\langle X|\{X = t\} \rangle = t$ is derivable from RDP. This gives rise to 
the following corollary of Theorem 4. 


Corollary 2 For each closed (pACP+pSI)rec term $t$, there exists a closed 
pACPrec term $t'$ such that $t = t'$ is derivable from the axioms of 
(pACP+pSI)rec. 


4.5 An Example 


In this subsection, we instantiate the generic interleaving strategy on which 
pACP+pSI is based with a specific interleaving strategy. The interleaving 
strategy concerned corresponds to a scheduling algorithm that: 


• selects randomly, according to a uniform probability distribution, the 
next process that gets turns to perform an action; 


• gives the selected process a fixed number $k$ of consecutive turns to 
perform an action; 


• takes care of mutual exclusion of critical subprocesses of the different 
processes being interleaved. 


Mutual exclusion of certain subprocesses is the condition that they are not 
interleaved and critical subprocesses are subprocesses that possibly interfere 
with each other when this condition is not met. The adopted mechanism for 
mutual exclusion is essentially a binary semaphore mechanism [10, 20, 21]. 
Below binary semaphores are simply called semaphores. 

In this section, it is assumed that a fixed but arbitrary natural number 
$k \in \mathbb{N}_1$ has been given. We use $k$ as the number of consecutive turns that 
each process being interleaved gets to perform an action. 

Moreover, it is assumed that a finite set R of semaphores has been 
given. We instantiate the set C of control actions as follows: 


$C = \{\mathrm{wait}(r) \mid r \in R\} \cup \{\mathrm{signal}(r) \mid r \in R\}$, 


hereby taking for granted that $C$ satisfies the necessary conditions. The 
wait and signal actions correspond to the P and V operations from [21]. 
We instantiate the set S of control states as follows: 
The intuition concerning the connection between control states $s \in S$ and 
the semaphore mechanism as introduced in [21] is as follows: 


• $r \notin \mathrm{dom}(s)$ indicates that semaphore $r$ has the value 1; 
• $r \in \mathrm{dom}(s)$ indicates that semaphore $r$ has the value 0; 


• $r \in \mathrm{dom}(s)$ and $s(r) = \langle\,\rangle$ indicates that no process is suspended 
on semaphore $r$; 


• if $r \in \mathrm{dom}(s)$ and $s(r) \ne \langle\,\rangle$, then $s(r)$ represents a first-in, first-out 
queue of processes suspended on $r$. 


As a preparation for the instantiation of the abstract schedulers $\sigma_n$ and control state transformers $\vartheta_n$, we define some auxiliary functions.

We define a total function $\mathit{turns} : H \times \mathbb{N}_1 \to \mathbb{N}$ recursively as follows:

$$\begin{array}{ll}
\mathit{turns}((), i) = 0, & \\
\mathit{turns}(h \frown (j,n), i) = 0 & \text{if } i \neq j,\\
\mathit{turns}(h \frown (j,n), i) = \mathit{turns}(h,i) + 1 & \text{if } i = j.
\end{array}$$

If $\mathit{turns}(h,i) = l$ and $l > 0$, then the interleaving history $h$ ends with $l$ consecutive turns of the $i$th process being interleaved. If $\mathit{turns}(h,i) = 0$, then the interleaving history $h$ does not end with turns of the $i$th process being interleaved.

We define a total function $\mathit{waiting} : S \to \mathcal{P}(\mathbb{N})$ as follows:

$$\mathit{waiting}(s) = \bigcup_{r \in \mathrm{dom}(s)} \mathrm{elems}(s(r)).$$

If $\mathit{waiting}(s) = I$, then $i \in I$ iff the $i$th process being interleaved is suspended on one or more semaphores in control state $s$.

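We define a total function $\mathit{time2switch}_n : H \times S \to \{0,1\}$, for each $n \in \mathbb{N}_1$, as follows:

$$\begin{array}{ll}
\mathit{time2switch}_n(h,s) = 1 & \text{if } \sum_{i \in \{1,\ldots,n\} \setminus \mathit{waiting}(s)} \mathit{turns}(h,i) \in \{0,k\},\\
\mathit{time2switch}_n(h,s) = 0 & \text{if } \sum_{i \in \{1,\ldots,n\} \setminus \mathit{waiting}(s)} \mathit{turns}(h,i) \notin \{0,k\}.
\end{array}$$

If $\mathit{time2switch}_n(h,s) = b$, then $b = 1$ iff the interleaving history $h$ ends with a number of consecutive turns of some process that equals $k$ if that process is not suspended in control state $s$.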

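We define a partial function $\mathit{sched}_n : H \times S \rightharpoonup (\{1,\ldots,n\} \to \mathcal{P})$, for each $n \in \mathbb{N}_1$, as follows:

$$\begin{array}{ll}
\mathit{sched}_n(h,s)(i) = 1/(n - \mathrm{card}(\mathit{waiting}(s))) & \text{if } \mathit{time2switch}_n(h,s) = 1 \land i \notin \mathit{waiting}(s) \land \mathit{waiting}(s) \neq \{1,\ldots,n\},\\
\mathit{sched}_n(h,s)(i) = 0 & \text{if } \mathit{time2switch}_n(h,s) = 1 \land i \in \mathit{waiting}(s) \land \mathit{waiting}(s) \neq \{1,\ldots,n\},\\
\mathit{sched}_n(h,s)(i) = 1 & \text{if } \mathit{time2switch}_n(h,s) = 0 \land \mathit{turns}(h,i) \neq 0 \land \mathit{waiting}(s) \neq \{1,\ldots,n\},\\
\mathit{sched}_n(h,s)(i) = 0 & \text{if } \mathit{time2switch}_n(h,s) = 0 \land \mathit{turns}(h,i) = 0 \land \mathit{waiting}(s) \neq \{1,\ldots,n\}.
\end{array}$$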


The function $\mathit{sched}_n$ represents a scheduler that works as follows: when a process has been given $k$ consecutive turns to perform an action or has been suspended, the next process that is given turns is randomly selected, according to a uniform probability distribution, from the processes being interleaved that are not suspended. Notice that $\mathit{sched}_n(h,s)(i)$ is undefined if $\mathit{waiting}(s) = \{1,\ldots,n\}$. In that case, none of the processes being interleaved can be given a turn and the whole becomes inactive.
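The auxiliary functions and the scheduler defined above, written out as an added Python example (not code from the paper). It assumes that an interleaving history is a list of pairs (j, n), that a control state is a dict from semaphore names to tuples of suspended process indices, and that k = 2; the sample inputs are constructed.

```python
from fractions import Fraction

K = 2  # assumed value for the fixed number k of consecutive turns

def turns(h, i):
    """Number of consecutive turns of process i at the end of history h."""
    count = 0
    for j, _n in reversed(h):
        if j != i:
            break
        count += 1
    return count

def waiting(s):
    """Processes suspended on one or more semaphores in control state s."""
    return {i for queue in s.values() for i in queue}

def time2switch(n, h, s, k=K):
    """1 iff the trailing turns of the non-suspended processes sum to 0 or k."""
    runnable = set(range(1, n + 1)) - waiting(s)
    return 1 if sum(turns(h, i) for i in runnable) in (0, k) else 0

def sched(n, h, s, k=K):
    """Distribution over {1..n} for the next turn; None where sched_n is undefined."""
    everyone, blocked = set(range(1, n + 1)), waiting(s)
    if blocked == everyone:
        return None  # every process is suspended: the whole becomes inactive
    if time2switch(n, h, s, k) == 1:
        p = Fraction(1, n - len(blocked))
        return {i: Fraction(0) if i in blocked else p for i in everyone}
    return {i: Fraction(int(turns(h, i) != 0)) for i in everyone}

def demo():
    """Constructed inputs: three processes, one semaphore named "r"."""
    h2 = [(2, 3), (2, 3), (1, 3)]      # 2 took r, then 1 was suspended on r
    h3 = h2 + [(3, 3), (2, 3)]         # 3 and then 2 itself were suspended on r
    return [
        sched(3, [], {}),                     # nothing scheduled yet
        sched(3, [(1, 3)], {}),               # process 1 has had 1 of its k turns
        sched(3, [(1, 3), (1, 3)], {}),       # process 1 has used up its k turns
        sched(3, h2, {"r": (1,)}),            # process 1 is suspended
        sched(3, h3, {"r": (1, 3, 2)}),       # all processes are suspended
    ]

if __name__ == "__main__":
    for dist in demo():
        print(dist)
```

The fourth case shows the effect of suspension: process 1 drops out of the sum in time2switch, so a switch happens immediately and the probability mass is split over processes 2 and 3 only.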

We define a total function $\mathit{remove}_n : S \times \{1,\ldots,n\} \to S$ recursively as follows (the special function notation used in this paper is explained in an appendix):

$$\begin{array}{l}
\mathit{remove}_n([], i) = [],\\
\mathit{remove}_n(s \dagger [r \mapsto q], i) = \mathit{remove}_n(s, i) \dagger [r \mapsto \mathit{remove}'_n(q, i)],
\end{array}$$

where the total function $\mathit{remove}'_n : \mathbb{N}_1^{*} \times \{1,\ldots,n\} \to \mathbb{N}_1^{*}$ is recursively defined as follows:

$$\begin{array}{ll}
\mathit{remove}'_n((), i) = (), & \\
\mathit{remove}'_n(j \frown q, i) = j \frown \mathit{remove}'_n(q, i) & \text{if } j < i,\\
\mathit{remove}'_n(j \frown q, i) = \mathit{remove}'_n(q, i) & \text{if } j = i,\\
\mathit{remove}'_n(j \frown q, i) = (j - 1) \frown \mathit{remove}'_n(q, i) & \text{if } j > i.
\end{array}$$

If $\mathit{remove}_n(s, i) = s'$, then $s'$ is $s$ adapted to the successful termination of the $i$th process of the processes being interleaved.

For each $n \in \mathbb{N}_1$, we instantiate the abstract scheduler $\sigma_n$ and control state transformer $\vartheta_n$ as follows:


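$$\sigma_n(h, s) = \mathit{sched}_n(h, s),$$

$$\begin{array}{ll}
\vartheta_n((), s, i, a, 0) = [] & \text{if } a \notin C,\\
\vartheta_n(h \frown (j,n), s, i, a, 0) = s & \text{if } a \notin C,\\
\vartheta_n((), s, i, \mathsf{wait}(r), 0) = [r \mapsto ()], & \\
\vartheta_n(h \frown (j,n), s, i, \mathsf{wait}(r), 0) = s \dagger [r \mapsto ()] & \text{if } r \notin \mathrm{dom}(s),\\
\vartheta_n(h \frown (j,n), s, i, \mathsf{wait}(r), 0) = s \dagger [r \mapsto s(r) \frown i] & \text{if } r \in \mathrm{dom}(s),\\
\vartheta_n((), s, i, \mathsf{signal}(r), 0) = [], & \\
\vartheta_n(h \frown (j,n), s, i, \mathsf{signal}(r), 0) = s & \text{if } r \notin \mathrm{dom}(s),\\
\vartheta_n(h \frown (j,n), s, i, \mathsf{signal}(r), 0) = s \mathbin{⩤} \{r\} & \text{if } r \in \mathrm{dom}(s) \land s(r) = (),\\
\vartheta_n(h \frown (j,n), s, i, \mathsf{signal}(r), 0) = s \dagger [r \mapsto \mathrm{tl}(s(r))] & \text{if } r \in \mathrm{dom}(s) \land s(r) \neq (),
\end{array}$$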


The following clarifies the connection between the instantiated control state transformers $\vartheta_n$ and the semaphore mechanism as introduced in [21]:

• $s = []$ indicates that all semaphores have value 1;

• if $r \notin \mathrm{dom}(s)$, then the transition from $s$ to $s \dagger [r \mapsto ()]$ indicates that the value of semaphore $r$ changes from 1 to 0;

• if $r \in \mathrm{dom}(s)$, then the transition from $s$ to $s \dagger [r \mapsto s(r) \frown i]$ indicates that the $i$th process being interleaved is added to the queue of processes suspended on semaphore $r$;

• if $r \notin \mathrm{dom}(s)$, then the transition from $s$ to $s$ indicates that the value of semaphore $r$ remains 1;

• if $r \in \mathrm{dom}(s)$ and $s(r) = ()$, then the transition from $s$ to $s \mathbin{⩤} \{r\}$ indicates that the value of semaphore $r$ changes from 0 to 1;

• if $r \in \mathrm{dom}(s)$ and $s(r) \neq ()$, then the transition from $s$ to $s \dagger [r \mapsto \mathrm{tl}(s(r))]$ indicates that the first process in the queue of processes suspended on semaphore $r$ is removed from that queue.


The example given above is only meant to show that the generic probabilistic interleaving strategy assumed in pACP+pSI can be instantiated with non-trivial specific probabilistic interleaving strategies. In practice, more advanced probabilistic interleaving strategies, such as strategies based on lottery scheduling [34], are more important.
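The wait and signal cases of the instantiated control state transformer, together with the remove function, traced on a small run as an added Python example (not code from the paper). It covers only the cases listed in this subsection with last argument 0, and it assumes that control states are dicts from semaphore names to tuples of process indices; the run itself is constructed.

```python
def wait(h, s, i, r):
    """Control state after process i performs wait(r) in state s after history h."""
    if not h:
        return {r: ()}                 # first step of the interleaving: r goes 1 -> 0
    if r not in s:
        return {**s, r: ()}            # r had value 1: taken, nobody suspended
    return {**s, r: s[r] + (i,)}       # r had value 0: i joins the FIFO queue

def signal(h, s, i, r):
    """Control state after process i performs signal(r) in state s after history h."""
    if not h:
        return {}
    if r not in s:
        return dict(s)                 # r keeps value 1
    if s[r] == ():
        return {x: q for x, q in s.items() if x != r}   # r goes 0 -> 1
    return {**s, r: s[r][1:]}          # head of the queue is released, r stays 0

def remove(s, i):
    """Adapt s to termination of process i: drop i, shift higher indices down."""
    return {r: tuple(j - 1 if j > i else j for j in q if j != i)
            for r, q in s.items()}

def trace():
    """Constructed run with three processes and one semaphore "r"."""
    h, s, out = [], {}, []
    steps = [(1, wait), (2, wait), (3, wait), (1, signal)]
    for i, op in steps:
        s = op(h, s, i, "r")
        h.append((i, 3))
        out.append((f"{op.__name__}(r) by process {i}", s))
    s = remove(s, 1)                   # process 1 terminates: 2 and 3 become 1 and 2
    out.append(("process 1 terminates", s))
    for i in (1, 2):                   # the two remaining processes leave in turn
        s = signal(h, s, i, "r")
        h.append((i, 2))
        out.append((f"signal(r) by process {i}", s))
    return out

if __name__ == "__main__":
    for label, state in trace():
        print(f"{label:28} -> {state}")
```

In the trace, the signal by process 1 hands the semaphore directly to the head of the queue: r stays in the domain of the control state (value 0) until a signal arrives while the queue is empty.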
5 Concluding Remarks


We have presented a probabilistic version of ACP [9, 14] that rests on the principle that probabilistic choices are always resolved before choices involved in alternative composition and parallel composition are resolved. By taking functions whose range is the carrier of a signed cancellation meadow [12, 19] instead of a field as probability measures, we could include probabilistic choice operators for the probabilities 0 and 1 without any problem and give a simple operational semantics.

We have also extended this probabilistic version of ACP with a form of interleaving in which parallel processes are interleaved according to what is known as a process-scheduling policy in the field of operating systems. This is the form of interleaving that underlies multi-threading as found in contemporary programming languages. To our knowledge, the work presented in [16] and this paper is the only work on this form of interleaving in the setting of a general algebraic theory of processes like ACP, CCS and CSP.

The main probabilistic versions of ACP introduced earlier are prACP [6], pACP$^+$ [2], and pACP$_\tau$ [4]. Like pACP, those probabilistic versions of ACP are based on the generative model of probabilistic processes. In prACP, the alternative composition operator and the parallel composition operator are replaced by probabilistic choice operators and probabilistic parallel composition operators. In pACP$^+$, no operators are replaced, but probabilistic choice operators are added. The parallel composition operator of pACP$^+$ is somewhat tricky because probabilistic choices are not resolved before choices involved in parallel composition are resolved. pACP$_\tau$ is, apart from abstraction, pACP$^+$ with another parallel composition operator where probabilistic choices are resolved before choices involved in parallel composition are resolved. pACP is a minor variant of pACP$_\tau$ without abstraction operators. The differences and their consequences are described in the first and last but one paragraph of Section 3.5.

In this paper, we consider strategic interleaving where process creation is taken into account. The approach to process creation followed originates from the one first followed in [11] to extend ACP with process creation and later followed in [5, 7, 17] to extend different timed versions of ACP with process creation. The only other approach that we know of is the approach, based on [1], that has for instance been followed in [8, 22]. However, with that approach, it is most unlikely that data about the creation of processes can be made available for the decision making concerning the strategic interleaving of processes.
Appendix: Sequence and Function Notations


We use the following sequence notation:

• $()$ for the empty sequence;

• $d$ for the sequence having $d$ as sole element;

• $u \frown v$ for the concatenation of sequences $u$ and $v$;

• $\mathrm{hd}(u)$ for the first element of non-empty sequence $u$;

• $\mathrm{tl}(u)$ for the subsequence of non-empty sequence $u$ whose first element is the second element of $u$ and whose last element is the last element of $u$;

• $\mathrm{elems}(u)$ for the set of all elements of sequence $u$.

We use the following special function notation:

• $[]$ for the empty function;

• $[d \mapsto e]$ for the function $f$ with $\mathrm{dom}(f) = \{d\}$ such that $f(d) = e$;

• $f \dagger g$ for the function $h$ with $\mathrm{dom}(h) = \mathrm{dom}(f) \cup \mathrm{dom}(g)$ such that for all $d \in \mathrm{dom}(h)$, $h(d) = f(d)$ if $d \notin \mathrm{dom}(g)$ and $h(d) = g(d)$ otherwise;

• $f \mathbin{⩤} S$ for the function $g$ with $\mathrm{dom}(g) = \mathrm{dom}(f) \setminus S$ such that for all $d \in \mathrm{dom}(g)$, $g(d) = f(d)$.


References 


[1] P. America, J.W. de Bakker. Designing Equivalent Semantic Models for Process Creation. Theoretical Computer Science 60(2), 109-176, 1988. doi:10.1016/0304-3975(88)90048-5.

[2] S. Andova. Process Algebra with Probabilistic Choice. In J.-P. Katoen (Ed.), Formal Methods for Real-Time and Probabilistic Systems (ARTS 1999), Lecture Notes in Computer Science 1601, 111-129, 1999. doi:10.1007/3-540-48778-6_7.

[3] S. Andova. Probabilistic Process Algebra. PhD thesis, Department of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, 2002. doi:10.6100/IR561343.

[4] S. Andova, S. Georgievska. On Compositionality, Efficiency, and Applicability of Abstraction in Probabilistic Systems. In M. Nielsen, A. Kučera, P.B. Miltersen, C. Palamidessi, P. Tuma, F. Valencia (Eds.), Theory and Practice of Computer Science (SOFSEM 2009), Lecture Notes in Computer Science 5404, 67-78, 2009. doi:10.1007/978-3-540-95891-8_10.

[5] J.C.M. Baeten, J.A. Bergstra. Real Space Process Algebra. Formal Aspects of Computing 5(6), 481-529, 1993. doi:10.1007/BF01211247.

[6] J.C.M. Baeten, J.A. Bergstra, S.A. Smolka. Axiomatizing Probabilistic Processes: ACP with Generative Probabilities. Information and Computation 121(2), 234-255, 1995. doi:10.1006/inco.1995.1135.

[7] J.C.M. Baeten, C.A. Middelburg. Process Algebra with Timing. Monographs in Theoretical Computer Science, An EATCS Series. Springer-Verlag, Berlin, 2002. doi:10.1007/978-3-662-04995-2.

[8] J.C.M. Baeten, F.W. Vaandrager. An Algebra of Process Creation. Acta Informatica 29(4), 303-334, 1992. doi:10.1007/BF01178776.

[9] J.C.M. Baeten, W.P. Weijland. Process Algebra, Cambridge Tracts in Theoretical Computer Science 18. Cambridge University Press, Cambridge, 1990. doi:10.1017/CBO9780511624193.

[10] M. Ben-Ari. Principles of Concurrent and Distributed Programming. Pearson, Harlow, second edition, 2006.

[11] J.A. Bergstra. A Process Creation Mechanism in Process Algebra. In J.C.M. Baeten (Ed.), Applications of Process Algebra, Cambridge Tracts in Theoretical Computer Science 17, 81-88, 1990. doi:10.1017/CBO9780511608841.006.

[12] J.A. Bergstra, I. Bethke, A. Ponse. Cancellation Meadows: A Generic Basis Theorem and Some Applications. Computer Journal 56(1), 3-14, 2013. doi:10.1093/comjnl/bxs028.

[13] J.A. Bergstra, J.W. Klop. The Algebra of Recursively Defined Processes and the Algebra of Regular Processes. In J. Paredaens (Ed.), Automata, Languages and Programming (ICALP 1984), Lecture Notes in Computer Science 172, 82-95, 1984. doi:10.1007/3-540-13345-3_7.

[14] J.A. Bergstra, J.W. Klop. Process Algebra for Synchronous Communication. Information and Control 60(1-3), 109-137, 1984. doi:10.1016/S0019-9958(84)80025-X.

[15] J.A. Bergstra, C.A. Middelburg. Thread Algebra for Strategic Interleaving. Formal Aspects of Computing 19(4), 445-474, 2007. doi:10.1007/s00165-007-0024-9.

[16] J.A. Bergstra, C.A. Middelburg. Process Algebra with Strategic Interleaving. Theory of Computing Systems 63(3), 488-505, 2019. doi:10.1007/s00224-018-9873-2.

[17] J.A. Bergstra, C.A. Middelburg, Y.S. Usenko. Discrete Time Process Algebra and the Semantics of SDL. In J.A. Bergstra, A. Ponse, S.A. Smolka (Eds.), Handbook of Process Algebra, 1209-1268, 2001. doi:10.1016/B978-044482830-9/50036-9.

[18] J.A. Bergstra, A. Ponse. Probability Functions in the Context of Signed Involutive Meadows. In P. James, M. Roggenbach (Eds.), Recent Trends in Algebraic Development Techniques (WADT 2016), Lecture Notes in Computer Science 10644, 73-87, 2017. doi:10.1007/978-3-319-72044-9_6.

[19] J.A. Bergstra, J.V. Tucker. The Rational Numbers as an Abstract Data Type. Journal of the ACM 54(2), Article 7, 2007. doi:10.1145/1219092.1219095.

[20] P. Brinch Hansen. Operating System Principles. Prentice-Hall, Englewood Cliffs, NJ, 1973.

[21] E.W. Dijkstra. Cooperating Sequential Processes. In F. Genuys (Ed.), Programming Languages, 43-112, 1968.

[22] T. Gehrke, A. Rensink. Process Creation and Full Sequential Composition in a Name-Passing Calculus. Electronic Notes in Theoretical Computer Science 7, 141-160, 1997. doi:10.1016/S1571-0661(05)80471-2.

[23] S. Georgievska. Probability and Hiding in Concurrent Processes. PhD thesis, Department of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, 2011. doi:10.6100/IR716397.

[24] J. Gosling, B. Joy, G. Steele, G. Bracha. The Java Language Specification. Addison-Wesley, Reading, MA, third edition, 2005.

[25] A. Hejlsberg, S. Wiltamuth, P. Golde. C# Language Specification. Addison-Wesley, Reading, MA, 2003.

[26] C.A.R. Hoare. Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs, 1985.

[27] R. Lanotte, S. Tini. Probabilistic Bisimulation as a Congruence. ACM Transactions on Computational Logic 10(2), Article 9, 2009. doi:10.1145/1462179.1462181.

[28] R. Milner. Communication and Concurrency. Prentice-Hall, Englewood Cliffs, 1989.

[29] A. Sabelfeld, D. Sands. Probabilistic Noninterference for Multi-Threaded Programs. In Proceedings 18th IEEE Computer Security Foundations Workshop (CSFW-13), 2000. doi:10.1109/CSFW.2000.856937.

[30] A. Silberschatz, P.B. Galvin, G. Gagne. Operating System Concepts. John Wiley and Sons, Hoboken, NJ, tenth edition, 2018.

[31] A.S. Tanenbaum, H. Bos. Modern Operating Systems. Pearson, Harlow, fourth edition, 2015.

[32] R.J. van Glabbeek, S.A. Smolka, B. Steffen. Reactive, Generative and Stratified Models of Probabilistic Processes. Information and Computation 121(1), 59-80, 1995. doi:10.1109/LICS.1990.113740.

[33] R.J. van Glabbeek, F.W. Vaandrager. Modular Specification of Process Algebras. Theoretical Computer Science 113(2), 293-348, 1993. doi:10.1016/0304-3975(93)90006-F.

[34] C.A. Waldspurger, W.E. Weihl. Lottery Scheduling: Flexible Proportional-Share Resource Management. In Proceedings of the 1st USENIX conference on Operating Systems Design and Implementation (OSDI ’94), Article 1, 1994.


© Scientific Annals of Computer Science 2020


